Skip to content

Adding checks while downloading the rafs-based VDB image and refactor… #3

Adding checks while downloading the rafs-based VDB image and refactor…

Adding checks while downloading the rafs-based VDB image and refactor… #3

Workflow file for this run

name: docker tests
on:
push:
branches:
- master
- feature/*
paths-ignore:
- '**/README.md'
- 'gobintests.yml'
- 'pythonapp.yml'
- 'python-publish.yml'
pull_request:
jobs:
ubuntu_version_tests:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip setuptools
python3 -m pip install .[dev]
npm install -g @cyclonedx/cdxgen
mkdir -p repotests
- name: Run pytest tests
run: |
python3 -m pip install -r contrib/requirements.txt
python3 -m pytest test
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: "vdb_data"
- name: Test container images
run: |
mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
# python3 depscan/cli.py --no-banner --cache --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-scan.json -t docker
python3 depscan/cli.py --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json -t docker,license --no-vuln-table
python3 depscan/cli.py --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json -t docker --no-vuln-table
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: "vdb_data"
- uses: actions/upload-artifact@v3
with:
name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
reachable_tests:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
python-version: ['3.11']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Set up JDK
uses: actions/setup-java@v3
with:
distribution: 'zulu'
java-version: '19'
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install .[dev]
npm install -g @cyclonedx/cdxgen
mkdir -p repotests
- uses: actions/checkout@v4
with:
repository: 'HooliCorp/java-sec-code'
path: 'repotests/java-sec-code'
- name: Reachables tests
run: |
mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu
cd ${GITHUB_WORKSPACE}/repotests/java-sec-code
mvn clean compile -DskipTests
cd ${GITHUB_WORKSPACE}
python3 depscan/cli.py --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain
env:
PYTHONPATH: "."
VDB_HOME: "vdb_data"
PYTHONUTF8: 1
AT_DEBUG_MODE: "debug"
- uses: actions/upload-artifact@v3
with:
name: rtests_ubuntu
path: rtests_ubuntu
ubuntu_version_tests2:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
python-version: ['3.11']
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install .[dev]
npm install -g @cyclonedx/cdxgen
mkdir -p repotests
- uses: actions/checkout@v4
with:
repository: 'GoogleCloudPlatform/microservices-demo'
path: 'repotests/microservices-demo'
- uses: actions/checkout@v4
with:
repository: 'OWASP/NodeGoat'
path: 'repotests/NodeGoat'
- name: Test container images
run: |
mkdir -p containertests_${{ matrix.os }}
python3 -m pip install -r contrib/requirements.txt
cp contrib/csaf.toml repotests/microservices-demo/csaf.toml
cp contrib/csaf.toml repotests/NodeGoat/csaf.toml
python3 depscan/cli.py --no-banner --no-error --src rocket.chat@sha256:379f7afa0e67497c363ac9a9b3e7e6a6d31deee228233307c987e4a0c68b28e6 -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
python3 depscan/cli.py --no-banner --no-error --src ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-yaml.json --no-vuln-table
python3 depscan/cli.py --csaf --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
python3 depscan/cli.py --csaf --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: "vdb_data"
PYTHONUTF8: 1
- uses: actions/upload-artifact@v3
with:
name: containertests_${{ matrix.os }}
path: containertests_${{ matrix.os }}
version_tests_mac_win:
needs: ubuntu_version_tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, windows-latest ]
python-version: [ '3.8', '3.9', '3.10', '3.11', '3.12' ]
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip setuptools
python3 -m pip install .[dev]
- name: Run pytest tests
run: |
python3 -m pip install -r contrib/requirements.txt
python3 -m pytest test
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: "vdb_data"
- name: Get boms generated earlier
uses: actions/download-artifact@v3
with:
name: containertests_ubuntu-latest_python3.11
path: containertests_ubuntu-latest_python3.11
- name: Test container images
run: |
mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
python3 depscan/cli.py --no-banner --cache --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-slim-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json --no-vuln-table
python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-redmine-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json --no-vuln-table
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VDB_HOME: "vdb_data"
PYTHONUTF8: 1
AT_DEBUG_MODE: "debug"
- uses: actions/upload-artifact@v3
with:
name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
version_tests2_mac_win:
needs: ubuntu_version_tests2
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ macos-latest, windows-latest ]
python-version: [ '3.11' ]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Trim CI agent
run: |
chmod +x contrib/free_disk_space.sh
./contrib/free_disk_space.sh
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install .[dev]
- name: Get boms generated earlier
uses: actions/download-artifact@v3
with:
name: containertests_ubuntu-latest
path: containertests_ubuntu-latest
- name: Test container images
shell: bash
run: |
mkdir -p containertests_${{ matrix.os }}
python3 -m pip install -r contrib/requirements.txt
mkdir -p containertests_ubuntu-latest/microservices
mkdir -p containertests_ubuntu-latest/NodeGoat
mv containertests_ubuntu-latest/sbom-msd-universal.json containertests_ubuntu-latest/microservices/sbom-msd-universal.json
mv containertests_ubuntu-latest/ng-reports/sbom-universal.json containertests_ubuntu-latest/nodegoat/sbom-universal.json
cp contrib/csaf.toml containertests_ubuntu-latest/microservices/csaf.toml
cp contrib/csaf.toml containertests_ubuntu-latest/nodegoat/csaf.toml
python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-universal.json -o containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-universal.json -o containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports
python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-universal.json -o containertests_${{ matrix.os }}/depscan-ng.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
env:
PYTHONPATH: "."
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PYTHONUTF8: 1
AT_DEBUG_MODE: "debug"
- uses: actions/upload-artifact@v3
with:
name: containertests_${{ matrix.os }}
path: containertests_${{ matrix.os }}