Nathan Nguyen
This pull request modifies the check execution in Macaron from a multi-threaded implementation to a single-threaded one. This change is for a couple of reasons: * The multithreaded solution was...
We can consider creating "Macaron plugins for text editors/IDEs" to support some use cases: - Report issues in build config (e.g. GitHub Actions workflow files) directly within the text editor....
# Reproduction We use the `macaron analyze` command under the use case of "user providing both a PackageURL to identify a software component and a repo URL explicitly". ``` macaron...
We are planning to add some tutorials for Macaron that demonstrate some main use cases of Macaron. These tutorials will mainly target new users. In these tutorials, we can, for...
New check idea: Macaron can look for CVEs against the build platform/CI service version that builds an artifact. The idea of this new check was originally motivated by this security...
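The kind of check sketched in this issue, as an added example that is not Macaron's own code: it pulls a build-platform version out of constructed log lines and matches it against constructed placeholder advisories (not real CVEs). The advisory record layout, the detection patterns, and the function names `detect_platform`, `find_advisories` and `check_build_platform` are assumptions made for illustration.

```python
"""Match a detected build-platform/CI service version against affected ranges.

Added example, not a Macaron check. Advisory records are constructed
placeholders (not real CVEs); the schema and function names are assumed.
"""
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """'2.401.3' -> (2, 401, 3). A trailing suffix such as '-rc1' is dropped."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if a < b, padding the shorter tuple with zeros so 2.387 == 2.387.0."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    return va + (0,) * (width - len(va)) < vb + (0,) * (width - len(vb))


@dataclass(frozen=True)
class AffectedRange:
    advisory: str
    product: str
    introduced: str            # first affected version (inclusive)
    fixed: Optional[str]       # first fixed version (exclusive); None = unfixed


# Constructed placeholders for the example; not real advisories.
CONSTRUCTED_ADVISORIES = [
    AffectedRange("EXAMPLE-ADV-0001", "jenkins", "2.0", "2.401.3"),
    AffectedRange("EXAMPLE-ADV-0002", "jenkins", "2.387", None),
    AffectedRange("EXAMPLE-ADV-0003", "gitlab-runner", "15.0", "16.1.0"),
]


def is_affected(version: str, rng: AffectedRange) -> bool:
    if version_lt(version, rng.introduced):
        return False
    return rng.fixed is None or version_lt(version, rng.fixed)


def find_advisories(product: str, version: str, advisories=CONSTRUCTED_ADVISORIES) -> list:
    """Sorted advisory IDs whose range covers `version` of `product`."""
    return sorted(r.advisory for r in advisories
                  if r.product == product and is_affected(version, r))


# Assumed patterns for the example; real CI logs may print the version differently.
PLATFORM_PATTERNS = {
    "jenkins": re.compile(r"\bJenkins\s+(\d+(?:\.\d+)+)"),
    "gitlab-runner": re.compile(r"\bgitlab-runner\s+(\d+(?:\.\d+)+)"),
}


def detect_platform(lines) -> Optional[tuple]:
    """Return (product, version) from the first matching log line, else None."""
    for line in lines:
        for product, pattern in PLATFORM_PATTERNS.items():
            m = pattern.search(line)
            if m:
                return product, m.group(1)
    return None


def check_build_platform(lines, advisories=CONSTRUCTED_ADVISORIES) -> Optional[dict]:
    """None if no platform was detected; otherwise the version and matching advisories."""
    found = detect_platform(lines)
    if found is None:
        return None
    product, version = found
    return {"product": product, "version": version,
            "advisories": find_advisories(product, version, advisories)}


# Constructed sample log lines for the example.
CONSTRUCTED_LOG = [
    "[2024-01-01T00:00:00] Starting build #42",
    "Build platform: Jenkins 2.401.2 (LTS)",
    "[Pipeline] Start of Pipeline",
]

if __name__ == "__main__":
    print(check_build_platform(CONSTRUCTED_LOG))
```

The fixed version is treated as exclusive and `introduced` as inclusive, which is the usual convention for affected ranges; a check that passes should also say "no platform version detected" rather than "no known advisories" when `detect_platform` returns `None`, since the two outcomes carry different evidence.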
In general, a repository has its own `mvnw`/`gradlew`; we should prioritize using it over Macaron's built-in `mvnw`/`gradlew`. Macaron's built-in `mvnw`/`gradlew` should still be used as a fallback option. At the...
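One way to implement the selection rule in this issue, as an added example rather than Macaron's code: prefer the wrapper in the checkout, fall back to a built-in copy, and refuse a repository "wrapper" that is a symlink resolving outside the checkout. The function `resolve_wrapper`, the `WRAPPER_NAMES` table, and the fixture layout built by `demo()` are assumptions for illustration; a genuine repository wrapper is still untrusted code and should run under whatever sandboxing the rest of the build gets.

```python
"""Pick a Maven/Gradle wrapper: the repository's own first, a built-in one as fallback.

Added example, not Macaron's code. resolve_wrapper(), WRAPPER_NAMES and the
temp-dir fixtures in demo() are assumptions for illustration.
"""
import os
import tempfile
from pathlib import Path

WRAPPER_NAMES = {"maven": "mvnw", "gradle": "gradlew"}


def resolve_wrapper(repo_path, tool, builtin_dir):
    """Return (wrapper_path, source); source is "repository" or "builtin"."""
    repo = Path(repo_path).resolve()
    name = WRAPPER_NAMES[tool]
    candidate = repo / name
    if candidate.is_file():
        # Only trust a wrapper that actually lives inside the checkout: a symlink
        # pointing elsewhere would make the analysis execute an arbitrary file on
        # the host (resolve() follows symlinks, so compare the real location).
        real = candidate.resolve()
        if repo in real.parents:
            return candidate, "repository"
    fallback = Path(builtin_dir) / name
    if fallback.is_file():
        return fallback, "builtin"
    raise FileNotFoundError(f"no {name} in {repo} or in built-in dir {builtin_dir}")


def demo():
    """Build constructed checkouts in a temp dir and report which wrapper each resolves to."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        builtin = Path(tmp) / "macaron_resources"   # constructed stand-in for the built-in dir
        builtin.mkdir()
        (builtin / "mvnw").write_text("#!/bin/sh\necho built-in mvnw\n")
        (builtin / "gradlew").write_text("#!/bin/sh\necho built-in gradlew\n")

        # 1. The repo ships its own mvnw: use it.
        repo_a = Path(tmp) / "repo_a"
        repo_a.mkdir()
        (repo_a / "mvnw").write_text("#!/bin/sh\necho repo mvnw\n")
        results["own_wrapper"] = resolve_wrapper(repo_a, "maven", builtin)[1]

        # 2. The repo has no gradlew: fall back to the built-in one.
        results["no_wrapper"] = resolve_wrapper(repo_a, "gradle", builtin)[1]

        # 3. The repo's mvnw is a symlink escaping the checkout: ignore it, fall back.
        outside = Path(tmp) / "outside.sh"
        outside.write_text("#!/bin/sh\necho not from the repo\n")
        repo_b = Path(tmp) / "repo_b"
        repo_b.mkdir()
        os.symlink(outside, repo_b / "mvnw")
        results["escaping_symlink"] = resolve_wrapper(repo_b, "maven", builtin)[1]
    return results


if __name__ == "__main__":
    print(demo())
```

The containment test uses `Path.resolve()` on both sides so that a checkout under a symlinked temp directory still compares equal to its own contents; the check is about where the file really is, not about the spelling of the path.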
Currently, the "Using Macaron" page on the Macaron HTML documentation has a few issues. Possible improvements include: * Clearly separating different use cases of Macaron into top-level sections: There should...
In pull request #349, we added support for JFrog Artifactory as a package registry. However, only support for Gradle projects was added. We need to add support for other ecosystems...
Someone who is new to Macaron or to the topic of supply-chain security as a whole may not be familiar with all of the terms that we use. A terminology...