sonar-cryptography
This repository contains a SonarQube Plugin that detects cryptographic assets in source code and generates CBOM.
Bumps [org.sonarsource.sonarqube:sonar-plugin-api-impl](https://github.com/SonarSource/sonarqube) from 25.3.0.104237 to 25.5.0.107428. Release notes Sourced from org.sonarsource.sonarqube:sonar-plugin-api-impl's releases. 25.5.0.107428 See details in the community announcement, and more in the release notes. 25.4.0.105899 See details in the...
Bumps `sonar.python.version` from 5.1.0.20567 to 5.4.0.22255. Updates `org.sonarsource.python:sonar-python-plugin` from 5.1.0.20567 to 5.4.0.22255 Commits See full diff in compare view Updates `org.sonarsource.python:python-checks-testkit` from 5.1.0.20567 to 5.4.0.22255 Commits See full diff in...
An empty CBOM will be generated even if no SonarQube rule is activated. This should not be the case.
This issue is related to [PR 98](https://github.com/IBM/cbomkit/pull/98). The attempt to scan GitUrl: `https://github.com/numpy/numpy` Branch: `v2.2.0` led to an exception when scanning file https://github.com/numpy/numpy/blob/main/numpy/_core/tests/test_ufunc.py: ``` : java.lang.NumberFormatException: For input string: ".3"...
Given, for example, [keycloak (#9c2825eb0e64aa7ea40b8dc3605d37046f6a24cb)](https://github.com/keycloak/keycloak/tree/9c2825eb0e64aa7ea40b8dc3605d37046f6a24cb), when scanned the logged statistic would indicate that 94 assets were detected. However, the cbom (attached) contains 138 findings. [cbom.json](https://github.com/user-attachments/files/19390912/cbom.json)
You folks are doing a great job. We were trying to generate a CBOM for some codebase and it's working when we exclude certain sections of directories from scan but...
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. Release notes Sourced from actions/checkout's releases. v6.0.0 What's Changed Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248 Persist...
Bumps the maven group with 2 updates in the / directory: [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) and [org.cyclonedx:cyclonedx-core-java](https://github.com/CycloneDX/cyclonedx-core-java). Bumps the maven group with 1 update in the /common directory: [ch.qos.logback:logback-core](https://github.com/qos-ch/logback). Bumps the maven group...
Bumps [cbomkit/cbomkit-action](https://github.com/cbomkit/cbomkit-action) from 2.1.1 to 2.1.2. Release notes Sourced from cbomkit/cbomkit-action's releases. v2.1.2 What's Changed fix: serialNumber in consolidated CBOM by @san-zrl in cbomkit/cbomkit-action#48 Create CBOM in workflow by @san-zrl...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. Release notes Sourced from actions/upload-artifact's releases. v5.0.0 What's Changed BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but...