diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index caf9de3956..65b569dc61 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -15,7 +15,7 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 permissions: security-events: write id-token: write diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index cf495f56cc..68216335d8 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -47,7 +47,6 @@ jobs: files.pythonhosted.org:443 github.com:443 pypi.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: @@ -64,7 +63,6 @@ jobs: run: | cd doc/ sphinx-build -b html . _build - tests: name: Linux tests permissions: @@ -125,7 +123,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -184,7 +181,6 @@ jobs: pytest -v --durations=50 test/test_cli.py test/test_cvedb.py - long_tests: name: Long tests on Python 3.13 permissions: @@ -221,7 +217,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -285,7 +280,7 @@ jobs: --ignore=test/test_language_parser.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -338,7 +333,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | 
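Review bot: The codecov upload in the `@@ -285,7 +280,7 @@` hunk is moved back from v5.4.0 to v5.3.1 (`13ce06bfc6…`) with nothing in the diff saying why, and a downgrade of a SHA-pinned action is exactly the change a pinned-dependencies reviewer will want justified. The trailing `# v5.3.1` comment is the only human-readable label on that pin, so confirm the hash is the commit behind the v5.3.1 release tag and record the reason once, e.g. `# v5.3.1 -- pinned back from v5.4.0, see <issue>`. The same pin is repeated in the later hunks of this file, so without a visible reason an automated bump will presumably re-apply v5.4.0 on the next run.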
@@ -388,7 +382,7 @@ jobs: test/test_language_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -441,7 +435,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -491,7 +484,7 @@ jobs: test/test_scanner.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -544,7 +537,6 @@ jobs: echo "sbom=false" >> $GITHUB_ENV echo "sbom set to false" fi - - name: Get date id: get-date run: | @@ -595,7 +587,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.xml @@ -653,6 +645,8 @@ jobs: osv-vulnerabilities.storage.googleapis.com:443 packages.microsoft.com:443 playwright.azureedge.net:443 + cdn.playwright.dev:443 + playwright.download.prss.microsoft.com:443 ppa.launchpadcontent.net:443 pypi.org:443 release-monitoring.org:443 @@ -662,7 +656,6 @@ jobs: storage.googleapis.com:443 www.cisa.gov:443 www.sqlite.org:443 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: 
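Review bot: Adding `cdn.playwright.dev:443` and `playwright.download.prss.microsoft.com:443` to the egress allowlist in the `@@ -653,6 +645,8 @@` hunk (presumably harden-runner's `allowed-endpoints`, the key is outside the hunk) widens what this job may reach, while a later hunk in the same commit pins `PLAYWRIGHT_DOWNLOAD_HOST` to `https://playwright.azureedge.net`. If that pin takes effect the two new hosts are never contacted and should be left out so that an unexpected egress still shows up as a block; if it does not, `playwright.azureedge.net:443` is the stale entry instead. Either way, a one-line comment above the entries stating which host the pinned Playwright version actually downloads from, e.g. `# Playwright browser downloads: keep in sync with PLAYWRIGHT_DOWNLOAD_HOST below`, would stop the list growing by accretion.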
@@ -718,6 +711,10 @@ jobs: python -m pip install --upgrade wheel python -m pip install --upgrade -r dev-requirements.txt python -m pip install --editable . + + - name: Set Playwright download host + run: echo "PLAYWRIGHT_DOWNLOAD_HOST=https://playwright.azureedge.net" >> $GITHUB_ENV + - name: Install playwright dependencies for HTML tests run: | python -m playwright install chromium --with-deps @@ -744,7 +741,6 @@ jobs: run: > pytest -v --durations=0 test/test_json.py - windows_long_tests: name: Windows long tests permissions: @@ -873,7 +869,7 @@ jobs: -o junit_family=legacy --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1 with: files: coverage.xml flags: windows_long_tests @@ -888,4 +884,3 @@ jobs: flags: windows_long_tests files: junit.xml fail_ci_if_error: false - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b0884bdfc8..498340b099 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,7 +6,6 @@ repos: verbose: True exclude: ^(locales|presentation|fuzz/generated|test|cve_bin_tool/checkers|build) args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"] - # args for cut and paste: interrogate -vv -i -I -M -C -n -p -f 60.0 - repo: https://github.com/pycqa/isort rev: 6.0.1 @@ -73,7 +72,7 @@ repos: doc/.*| test/test_data/.*| test/__init__.py| - test/test_file.py|s + test/test_file.py| test/test_requirements.py| test/test_strings.py| test/test_triage.py| @@ -97,3 +96,10 @@ repos: ] language: python types: [text] + + # ✅ Add Markdown Linter **without removing other linters** + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.44.0 + hooks: + - id: markdownlint + args: ["--disable", "MD013", "MD033"] # Disable long lines & inline HTML rules \ No newline at end of file 
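Review bot: The new `Set Playwright download host` step in the `@@ -718,6 +711,10 @@` hunk exports the URL through `$GITHUB_ENV`, which makes it a job-wide variable visible to every later step rather than just the `python -m playwright install` that needs it; the value is a static literal so there is no injection concern, but scoping it to the consuming step is tighter and removes a step. Replace the new step with an `env:` block on the install step: `- name: Install playwright dependencies for HTML tests` / `  env:` / `    PLAYWRIGHT_DOWNLOAD_HOST: https://playwright.azureedge.net`. Whether the installed Playwright release honours this variable, and whether that single CDN host stays valid, is not visible here, so a short `# why` comment naming the issue that motivated the override would help whoever has to remove it.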
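Review bot: In the `@@ -97,3 +96,10 @@` hunk of `.pre-commit-config.yaml`, `args: ["--disable", "MD013", "MD033"]` is likely to swallow the file paths that pre-commit appends after the args, because markdownlint-cli's `--disable` is variadic and consumes following arguments until a `--`; the hook would then lint nothing or fail on unknown rule IDs. Terminate the list: `args: ["--disable", "MD013", "MD033", "--"]`. The introducing comment `# ✅ Add Markdown Linter **without removing other linters**` is markdown markup and an emoji inside a YAML comment; a plain `# markdownlint (MD013 line length and MD033 inline HTML disabled)` says the same thing and matches the rest of the file. The hunk also leaves the file without a trailing newline, which the repo's own whitespace hooks will presumably flag on the next run. `rev: v0.44.0` is a mutable tag, consistent with the other `rev:` entries here, so pinning to a commit SHA is optional but would match the SHA-pinned actions in the workflows.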
diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000000..5c4a6455c2 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,6 @@ +{ + "name": "cve-bin-tool", + "lockfileVersion": 3, + "requires": true, + "packages": {} +}