Skip to content

[CRAVEX] SCA Integrations: OWASP dep-scan #1825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Aug 25, 2025
Merged

[CRAVEX] SCA Integrations: OWASP dep-scan #1825

merged 21 commits into from
Aug 25, 2025

Conversation

@tdruez
Copy link
Contributor

@tdruez tdruez commented Aug 25, 2025
edited
Loading

This PR adds support for importing SBOMs generated with OWASP dep-scan.

Changes:

  • Add a unit test to ensure the OWASP dep-scan SBOM support
  • Add a GitHub workflow that runs every week to ensure the OWASP dep-scan SBOM support (see below for details)

Workflow

Available at .github/workflows/sca-integration-depscan.yml

Documentation:

# This workflow:
#  1. Generates a CycloneDX SBOM for a container image using OWASP dep-scan.
#  2. Uploads the SBOM as a GitHub artifact for future inspection.
#  3. Loads the SBOM into ScanCode.io for further analysis.
#  4. Runs assertions to verify that the SBOM was properly processed in ScanCode.io.
#
# It runs on demand, and once a week (scheduled).

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 25, 2025
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 25, 2025
View reviewed changes
tdruez added 17 commits August 25, 2025 12:36
@tdruez
Debug GitHub workflow for OWASP dep-scan
4c61e96 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
ef62b91 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
8afe73f 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
29101bd 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
067965d 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
83e30eb 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
98f3577 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
1aa93ea 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
52d5d6e 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
2860501 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
da75f7f 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
9ad9579 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
680fe09 
Signed-off-by: tdruez <[email protected]>
@tdruez
Debug GitHub workflow for OWASP dep-scan
88433f9 
Signed-off-by: tdruez <[email protected]>
@tdruez
Add entry in the FAQ about OWASP dep-scan support
0283084 
Signed-off-by: tdruez <[email protected]>
@tdruez
Add unit test for the OWASP dep-scan SBOM support
4ab1618 
Signed-off-by: tdruez <[email protected]>
@tdruez
Fix code format
f1bc54b 
Signed-off-by: tdruez <[email protected]>
@tdruez tdruez merged commit 08e4e75 into main Aug 25, 2025
14 checks passed
@tdruez tdruez deleted the 1733-sca-integration-depscan branch August 25, 2025 16:57
@tdruez tdruez mentioned this pull request Aug 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tdruez