3333name : Test container images
3434 run : |
3535 mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
36- # python3 depscan/cli.py --no-banner --cache --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-scan.json -t docker
37- python3 depscan/cli.py --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json -t docker,license --no-vuln-table
38- python3 depscan/cli.py --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json -t docker --no-vuln-table
36+ # uv run depscan --no-banner --cache --no-error --src ghcr.io/owasp-dep-scan/dep-scan -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-scan.json -t docker
37+ uv run depscan --no-banner --no-error --src shiftleft/scan-slim -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json -t docker,license --no-vuln-table
38+ uv run depscan --no-banner --no-error --src redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json -t docker --no-vuln-table
3939env :
4040 PYTHONPATH : " ."
4141 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
5252 fail-fast : false
5353 steps :
5454 - uses : actions/checkout@v4
55+ - name : Install uv
56+ uses : astral-sh/setup-uv@v5
5557 - name : Set up Python
5658 uses : actions/setup-python@v5
5759 with :
8385 cd ${GITHUB_WORKSPACE}/repotests/java-sec-code
8486 mvn clean compile -DskipTests
8587 cd ${GITHUB_WORKSPACE}
86- python3 depscan/cli.py --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain
88+ uv run depscan --no-banner --no-error --src ${GITHUB_WORKSPACE}/repotests/java-sec-code --reports-dir ${GITHUB_WORKSPACE}/rtests_ubuntu -t java --profile research --explain
8789env :
8890 PYTHONPATH : " ."
8991 PYTHONUTF8 : 1
@@ -101,6 +103,8 @@ jobs:
101103 fail-fast : false
102104 steps :
103105 - uses : actions/checkout@v4
106+ - name : Install uv
107+ uses : astral-sh/setup-uv@v5
104108 - name : Set up Python
105109 uses : actions/setup-python@v5
106110 with :
@@ -131,10 +135,10 @@ jobs:
131135 python3 -m pip install -r contrib/requirements.txt
132136 cp contrib/csaf.toml repotests/microservices-demo/csaf.toml
133137 cp contrib/csaf.toml repotests/NodeGoat/csaf.toml
134- python3 depscan/cli.py --no-banner --no-error --bom ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-yaml.json --no-vuln-table
135- python3 depscan/cli.py --no-banner --no-error -t docker --src ubuntu:latest -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
136- python3 depscan/cli.py --csaf --no-banner --no-error -t go --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
137- python3 depscan/cli.py --csaf --no-banner --no-error -t js --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
138+ uv run depscan --no-banner --no-error --bom ./test/data/bom-yaml-manifest.json -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-yaml.json --no-vuln-table
139+ uv run depscan --no-banner --no-error -t docker --src ubuntu:latest -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
140+ uv run depscan --csaf --no-banner --no-error -t go --src ${GITHUB_WORKSPACE}/repotests/microservices-demo -o ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
141+ uv run depscan --csaf --no-banner --no-error -t js --src ${GITHUB_WORKSPACE}/repotests/NodeGoat --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
138142env :
139143 PYTHONPATH : " ."
140144 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
@@ -153,6 +157,8 @@ jobs:
153157 fail-fast : false
154158 steps :
155159 - uses : actions/checkout@v4
160+ - name : Install uv
161+ uses : astral-sh/setup-uv@v5
156162 - name : Set up Python
157163 uses : actions/setup-python@v5
158164 with :
@@ -176,8 +182,8 @@ jobs:
176182 - name : Test container images
177183 run : |
178184 mkdir -p containertests_${{ matrix.os }}_python${{ matrix.python-version }}
179- python3 depscan/cli.py --no-banner --cache --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-slim-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json --no-vuln-table
180- python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-redmine-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json --no-vuln-table
185+ uv run depscan --no-banner --cache --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-slim-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-slim.json --no-vuln-table
186+ uv run depscan --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest_python3.11/sbom-redmine-docker.json -o containertests_${{ matrix.os }}_python${{ matrix.python-version }}/depscan-redmine.json --no-vuln-table
181187env :
182188 PYTHONPATH : " ."
183189 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
@@ -196,6 +202,8 @@ jobs:
196202 python-version : [ '3.11' ]
197203 steps :
198204 - uses : actions/checkout@v4
205+ - name : Install uv
206+ uses : astral-sh/setup-uv@v5
199207 - name : Set up Python
200208 uses : actions/setup-python@v5
201209 with :
@@ -226,9 +234,9 @@ jobs:
226234 mv containertests_ubuntu-latest/ng-reports/sbom-js.json containertests_ubuntu-latest/nodegoat/sbom-js.json
227235 cp contrib/csaf.toml containertests_ubuntu-latest/microservices/csaf.toml
228236 cp contrib/csaf.toml containertests_ubuntu-latest/nodegoat/csaf.toml
229- python3 depscan/cli.py --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-docker.json -o containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
230- python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-go.json -o containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports
231- python3 depscan/cli.py --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-js.json -o containertests_${{ matrix.os }}/depscan-ng.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
237+ uv run depscan --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/sbom-rocket-docker.json -o containertests_${{ matrix.os }}/depscan-rocket.json --no-vuln-table
238+ uv run depscan --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/microservices/sbom-msd-go.json -o containertests_${{ matrix.os }}/depscan-msd.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/reports
239+ uv run depscan --csaf --no-banner --no-error --bom ${GITHUB_WORKSPACE}/containertests_ubuntu-latest/nodegoat/sbom-js.json -o containertests_${{ matrix.os }}/depscan-ng.json --reports-dir ${GITHUB_WORKSPACE}/containertests_${{ matrix.os }}/ng-reports
232240env :
233241 PYTHONPATH : " ."
234242 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
0 commit comments