macaron icon indicating copy to clipboard operation
macaron copied to clipboard
verified publisher icon oracle

feat: add pypi attestation discovery

Open benmss opened this issue 8 months ago • 0 comments

Summary

This PR adds discovery of PyPI attestation. URLs to these attestation files are sought via the deps.dev API.

Description of changes

  • DepsDevRepoFinder was updated to use the DepsDevService, ensuring consistent and easily configurable use of the API
  • Tests were added for DepsDevRepoFinder functions (they were not added previously), including for the functions that PyPI attestation discovery relies upon.
  • PyPI attestations do not have a predicate. The pypi-attestation is used to extract information from the attestation certificate. This information is coerced into a predicate for use elsewhere within Macaron.
  • Addition of an integration test case using the ultralytics Python library as its target.

Related issues

Closes #947

benmss avatar Apr 24 '25 03:04 benmss