README.md
Lines changed: 20 additions & 22 deletions
@@ -13,16 +13,18 @@
13
13
Red Hat Dependency Analytics (RHDA) plugin gives you awareness to security concerns within your software supply chain
14
14
while you build your application.
15
15
16
-
**NOTE:**
17
-
<br >The Red Hat Dependency Analytics plugin is an online service hosted and maintained by Red Hat.
16
+
<br >Dependency Analytics only supports the following project ecosystems:
17
+
- Maven
18
+
- Node
19
+
- Golang
20
+
- Python
21
+
- Gradle
22
+
23
+
<br >**NOTE:**
24
+
The Red Hat Dependency Analytics plugin is an online service hosted and maintained by Red Hat.
18
25
Dependency Analytics only accesses your manifest files to analyze your application dependencies before displaying the
19
26
vulnerability report.
20
27
21
-
**IMPORTANT:**
22
-
<br >Currently, Dependency Analytics only supports projects that use Maven (`mvn`), Node (`npm`), Golang (`go mod`),
23
-
Python (`pip`) and Gradle (`gradle`) ecosystems, and base images in `Dockerfile`.
24
-
In future releases, Red Hat plans to support other programming languages.
25
-
26
28
##### Table of Contents
27
29
28
30
-[Red Hat Dependency Analytics](#red-hat-dependency-analytics)
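Review bot: the new ecosystem list (Maven, Node, Golang, Python, Gradle) silently drops base images in a `Dockerfile`, which the removed IMPORTANT paragraph listed as supported ("... and base images in `Dockerfile`") and which the prerequisites section below still documents (`syft` and `skopeo` are required for analyzing a `Dockerfile`). Add a bullet such as `- Base images in a `Dockerfile`` so the list matches what the plugin actually analyzes. The removed sentence also named the tool behind each ecosystem (`mvn`, `npm`, `go mod`, `pip`, `gradle`); carrying those into the bullets would tell readers which binary the plugin will invoke on their machine.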
@@ -45,10 +47,8 @@ In future releases, Red Hat plans to support other programming languages.
45
47
- For Golang projects, analyzing a `go.mod` file, you must have the `go` binary in your IDE's `PATH` environment.
46
48
- For Python projects, analyzing a `requirements.txt` file, you must have the `python3` and `pip3` binaries in your
47
49
IDE's `PATH` environment.
48
-
- For base images, analyzing a `Dockerfile`, you must have
49
-
the [`syft`](https://github.com/anchore/syft?tab=readme-ov-file#installation)
50
-
and [`skopeo`](https://github.com/containers/skopeo/blob/main/install.md) binaries in your IDE's `PATH`
51
-
environment.
50
+
- For Gradle projects, analyzing a `build.gradle` file, you must have the `gradle` binary in your system's `PATH` environment.
51
+
- For base images, analyzing a `Dockerfile`, you must have the [`syft`](https://github.com/anchore/syft?tab=readme-ov-file#installation) and [`skopeo`](https://github.com/containers/skopeo/blob/main/install.md) binaries in your IDE's `PATH` environment.
52
52
53
53
**Procedure**
54
54
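Review bot: the new Gradle prerequisite says the `gradle` binary must be in "your system's `PATH` environment", while the neighbouring bullets for Go, Python and base images all say "your IDE's `PATH` environment"; since the plugin inherits the IDE's environment rather than a login shell's, reword to "you must have the `gradle` binary in your IDE's `PATH` environment." for consistency and accuracy.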
@@ -79,28 +79,28 @@ according to your preferences.
79
79
**Configurable parameters**
80
80
81
81
-**Maven** :
82
-
<br >Set the full path of the Maven executable, which allows Exhort to locate and execute the `mvn` command to resolve
82
+
<br >Set the full path of the Maven executable, which allows Exhort to locate and run the `mvn` command to resolve
83
83
dependencies for Maven projects.
84
84
<br >Path of the `JAVA_HOME` directory is required by the `mvn` executable.
85
85
<br >If the paths are not provided, your IDE's `PATH` and `JAVA_HONE` environments will be used to locate the
86
86
executables.
87
87
88
88
-**Node** :
89
-
<br >Set the full path of the Node executable, which allows Exhort to locate and execute the `npm` command to resolve
89
+
<br >Set the full path of the Node executable, which allows Exhort to locate and run the `npm` command to resolve
90
90
dependencies for Node projects.
91
91
<br >Path of the directory containing the `node` executable is required by the `npm` executable.
92
92
<br >If the paths are not provided, your IDE's `PATH` environment will be used to locate the executables.
93
93
94
94
-**Golang** :
95
-
<br >Set the full path of the Go executable, which allows Exhort to locate and execute the `go` command to resolve
95
+
<br >Set the full path of the Go executable, which allows Exhort to locate and run the `go` command to resolve
96
96
dependencies for Go projects.
97
97
<br >If the path is not provided, your IDE's `PATH` environment will be used to locate the executable.
98
98
<br >When option `Strictly match package version` is selected, the resolved dependency versions will be compared to
99
99
the versions specified in the manifest file, and users will be alerted if any mismatch is detected.
100
100
101
101
-**Python** :
102
102
<br >Set the full paths of the Python and the package installer for Python executables, which allows Exhort to locate
103
-
and execute the `pip3` commands to resolve dependencies for Python projects.
103
+
and run the `pip3` commands to resolve dependencies for Python projects.
104
104
<br >Python 2 executables `python` and `pip` can be used instead, if the `Use python 2.x` option is selected.
105
105
<br >If the paths are not provided, your IDE's `PATH` environment will be used to locate the executables.
106
106
<br >When option `Strictly match package version` is selected, the resolved dependency versions will be compared to
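Review bot: the unchanged Maven context line still reads "`JAVA_HONE` environments"; since this hunk already retouches the Maven paragraph, fix the typo to `JAVA_HOME` here rather than leaving it for a separate commit. The "execute" to "run" substitutions themselves are fine.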
@@ -111,17 +111,17 @@ according to your preferences.
111
111
feature cannot be enabled when `Strictly match package version` is selected).
112
112
113
113
-**Gradle** :
114
-
<br >Set the full path of the Gradle executable, which allows Exhort to locate and execute the `gradle` command to resolve
114
+
<br >Set the full path of the Gradle executable, which allows Exhort to locate and run the `gradle` command to resolve
115
115
dependencies for Gradle projects.
116
116
<br >By not setting a path to the gradle binary, IntelliJ IDEA uses its default path environment to locate the file.
117
117
118
118
119
119
-**Image** :
120
-
<br >Set the full path of the Syft executable, which allows Exhort to locate and execute the `syft` command to
120
+
<br >Set the full path of the Syft executable, which allows Exhort to locate and run the `syft` command to
121
121
generate Software Bill of Materials for the base images.
122
122
<br >Optionally, set the full path of the Docker or Podman executable. Syft will attempt to find the images in the
123
123
Docker or Podman daemon with the executable. Otherwise, Syft will try direct remote registry access.
124
-
<br >Set the full path of the Skopeo executable, which allows Exhort to locate and execute the `skopeo` command to
124
+
<br >Set the full path of the Skopeo executable, which allows Exhort to locate and run the `skopeo` command to
125
125
determine the image digests.
126
126
<br >If the paths are not provided, your IDE's `PATH` environment will be used to locate the executables.
127
127
<br >If a Syft configuration file is used and not at the
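Review bot: the Gradle fallback sentence in this hunk's context ("By not setting a path to the gradle binary, IntelliJ IDEA uses its default path environment to locate the file.") is worded differently from the equivalent sentence in every other section ("If the path is not provided, your IDE's `PATH` environment will be used to locate the executable."); while the hunk is touching this paragraph, align it with the others so the behaviour reads as the same rule across ecosystems.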
@@ -130,10 +130,8 @@ according to your preferences.
130
130
<br >If
131
131
an [authentication file](https://github.com/containers/skopeo/blob/3eacbe5ae2fe859f872a02bf28c16371fb1de7b8/docs/skopeo-inspect.1.md#options)
132
132
is applied for `skopeo inspect`, set the full path to the file in configuration.
133
-
<br >If platform is not specified in the `Dockerfile` for multi-platform images and a default platform should be
134
-
applied, set the default platform in the configuration. Otherwise, set the full path of the Docker or Podman
135
-
executable, then Exhort will use the executable to determine the image platform based on the OS and architecture of
136
-
the container runtime.
133
+
<br >If platform is not specified in the `Dockerfile` for multi-platform images the default platform is used, as set in the configuration.
134
+
Otherwise, set the full path of the Docker or Podman executable, then Exhort will use the executable to find the image platform based on the operating system and architecture of the container runtime.
137
135
138
136
-**Inline Vulnerability Severity Alerts** :
139
137
<br >You can set the vulnerability severity alert level to `Error` or `Warning` for inline notifications of detected