Post-vdb6 integration enhancements #857

Workflow file for this run

.github/workflows/dockertests.yml at f8b85d4

	name: docker tests

	on:
	pull_request:
	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: false
	jobs:
	ubuntu_version_tests:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.10', '3.11', '3.12']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip setuptools
	python3 -m pip install .[dev]
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	python3 -m pip install -r contrib/requirements.txt
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	# python3 depscan/cli.py --no-banner --cache --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-scan.json -t docker
	python3 depscan/cli.py --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json -t docker,license --no-vuln-table
	python3 depscan/cli.py --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json -t docker --no-vuln-table
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	reachable_tests:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.11']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	distribution: 'zulu'
	java-version: '21'
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install .[dev]
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	- uses: actions/checkout@v4
	with:
	repository: 'ngcloudsec/java-sec-code'
	path: 'repotests/java-sec-code'
	- name: Reachables tests
	run: \|
	mkdir -p ${GITHUB_WORKSPACE}/rtests_ubuntu
	cd ${GITHUB_WORKSPACE}/repotests/java-sec-code
	mvn clean compile -DskipTests
	cd ${GITHUB_WORKSPACE}
	python3 depscan/cli.py --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain
	env:
	PYTHONPATH: "."
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: rtests_ubuntu
	path: rtests_ubuntu
	ubuntu_version_tests2:
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ubuntu-latest]
	python-version: ['3.11']
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install .[dev]
	npm install -g @cyclonedx/cdxgen
	mkdir -p repotests
	- uses: actions/checkout@v4
	with:
	repository: 'GoogleCloudPlatform/microservices-demo'
	path: 'repotests/microservices-demo'
	- uses: actions/checkout@v4
	with:
	repository: 'OWASP/NodeGoat'
	path: 'repotests/NodeGoat'
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}
	python3 -m pip install -r contrib/requirements.txt
	cp contrib/csaf.toml repotests/microservices-demo/csaf.toml
	cp contrib/csaf.toml repotests/NodeGoat/csaf.toml
	python3 depscan/cli.py --no-banner --no-error --bom ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-yaml.json --no-vuln-table
	python3 depscan/cli.py --no-banner --no-error -t docker --src ubuntu:latest -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
	python3 depscan/cli.py --csaf --no-banner --no-error -t go --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
	python3 depscan/cli.py --csaf --no-banner --no-error -t js --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}
	path: containertests_${{ matrix.os }}
	version_tests_mac_win:
	needs: ubuntu_version_tests
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ macos-latest, windows-latest ]
	python-version: [ '3.10', '3.11', '3.12' ]
	fail-fast: false
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip setuptools
	python3 -m pip install .[dev]
	python3 -m pip install -r contrib/requirements.txt
	- name: Get boms generated earlier
	uses: actions/download-artifact@v4
	with:
	name: containertests_ubuntu-latest_python3.11
	path: containertests_ubuntu-latest_python3.11
	- name: Test container images
	run: \|
	mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	python3 depscan/cli.py --no-banner --cache --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-slim-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json --no-vuln-table
	python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-redmine-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json --no-vuln-table
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	path: containertests_${{ matrix.os }}_python${{ matrix.python-version }}
	version_tests2_mac_win:
	needs: ubuntu_version_tests2
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	os: [ macos-latest, windows-latest ]
	python-version: [ '3.11' ]
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- name: Trim CI agent
	run: \|
	chmod +x contrib/free_disk_space.sh
	./contrib/free_disk_space.sh
	- name: Display Python version
	run: python -c "import sys; print(sys.version)"
	- name: Install dependencies
	run: \|
	python3 -m pip install --upgrade pip
	python3 -m pip install .[dev]
	python3 -m pip install -r contrib/requirements.txt
	- name: Get boms generated earlier
	uses: actions/download-artifact@v4
	with:
	name: containertests_ubuntu-latest
	path: containertests_ubuntu-latest
	- name: Test container images
	shell: bash
	run: \|
	mkdir -p containertests_${{ matrix.os }}
	mkdir -p containertests_ubuntu-latest/microservices
	mkdir -p containertests_ubuntu-latest/NodeGoat
	mv containertests_ubuntu-latest/sbom-msd-go.json containertests_ubuntu-latest/microservices/sbom-msd-go.json
	mv containertests_ubuntu-latest/ng-reports/sbom-js.json containertests_ubuntu-latest/nodegoat/sbom-js.json
	cp contrib/csaf.toml containertests_ubuntu-latest/microservices/csaf.toml
	cp contrib/csaf.toml containertests_ubuntu-latest/nodegoat/csaf.toml
	python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-docker.json -o containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
	python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-go.json -o containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports
	python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-js.json -o containertests_${{ matrix.os }}/depscan-ng.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
	env:
	PYTHONPATH: "."
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PYTHONUTF8: 1
	AT_DEBUG_MODE: "debug"
	- uses: actions/upload-artifact@v4
	with:
	name: containertests_${{ matrix.os }}
	path: containertests_${{ matrix.os }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Post-vdb6 integration enhancements #857

Workflow file

Post-vdb6 integration enhancements #857

Jobs

Run details

Workflow file for this run