Update cdxgen to bring dotnet universal tree fix (#231)

* Update cdxgen to bring dotnet universal tree fix Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> * Publish release images Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> * Fix oras-py version Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> * update cdxgen to get paket lock fix Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
owasp-dep-scan · Jan 29, 2024 · a6f75fe · a6f75fe
1 parent 6bc6568
commit a6f75fe
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/.github/workflows/pythonpublish.yml b/.github/workflows/pythonpublish.yml
@@ -11,6 +11,7 @@ on:
  - 'gobintests.yml'
  branches:
  - master
+ - release/*
  tags:
  - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
  workflow_dispatch:

diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,7 @@ LABEL maintainer="AppThreat" \
  org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
  org.opencontainers.image.source="https://github.com/owasp-dep-scan/dep-scan" \
  org.opencontainers.image.url="https://appthreat.com" \
- org.opencontainers.image.version="5.0.0" \
+ org.opencontainers.image.version="5.2.x" \
  org.opencontainers.image.vendor="appthreat" \
  org.opencontainers.image.licenses="MIT" \
  org.opencontainers.image.title="dep-scan" \
@@ -73,7 +73,8 @@ RUN set -e; \
  && sdk offline enable \
  && mv /root/.sdkman/candidates/* /opt/ \
  && rm -rf /root/.sdkman \
- && npm install -g @cyclonedx/cdxgen \
+ && npm install -g @cyclonedx/cdxgen@^9.11.5 \
+ && cdxgen --version \
  && curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \
  && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \
  && rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,14 +1,14 @@
 [project]
 name = "owasp-depscan"
-version = "5.2.3"
+version = "5.2.4"
 description = "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories."
 authors = [
  {name = "Team AppThreat", email = "cloud@appthreat.com"},
 ]
 dependencies = [
  "appthreat-vulnerability-db==5.5.10",
  "defusedxml",
- "oras",
+ "oras==0.1.26",
  "PyYAML",
  "rich",
  "quart",