Trong Nhan Mai

Results 27 issues of Trong Nhan Mai

Add documentation on how the HTML reports are created

**Description** This PR is used to track the progress of adding the documentation for maintaining the HTML reports created by Macaron (in the Sphinx documentation's `Deverloper Reference` section or as...

documentation
report

Make sure the example reports in the Sphinx documentation is synced automatically

**Description** Originated from the discussion in https://github.com/oracle-samples/macaron/pull/232: https://github.com/oracle-samples/macaron/pull/232#issuecomment-1566480512

documentation

Explore support for GraalVM Native image

Recently, we discovered that [Syft](https://github.com/anchore/syft), an SBOM generator for container images, has support for GraalVM Native image - https://github.com/anchore/syft/blob/main/syft/pkg/cataloger/java/graalvm_native_image_cataloger.go However, I haven't tried out an example to see the content...

integration

Unit tests in tests/slsa_analyzer/build_tool/test_gradle.py rely on network

1 comment

This applies for unit tests in `tests/slsa_analyzer/build_tool/test_gradle.py` that test the method `get_group_ids` https://github.com/oracle/macaron/blob/5522ec103d586789ec1a99db29c02d94a7949656/src/macaron/slsa_analyzer/build_tool/gradle.py#L170 This method eventually invokes `get_group_id` method that creates a subprocess to call `gradlew` shipped with Macaron or...

tests
build_tools

test: add analysis report JSON schema validation

Closes #769 . This Pull Request makes the following changes: - https://github.com/oracle/macaron/pull/824/commits/93d23907f2bbbbb9524b2bba2bb4fc404a50c8b3 - Add a script to validate the JSON schema of JSON reports generated by Macaron - `tests/analyze_report_json_schema/schema_validate.py` -...

OCA Verified

The values stored within some CheckFacts instances are not consistent.

During my exploration, I noticed something with our current setup of checks. Let's take the build as code check as an example. The build as code check will create instances...

feat: obtain Java and Python artifacts from .m2 or Python virtual environment from input (WIP)

Closes #811 - [x] Add `--local-maven-repo` as CLI option - [x] Handle mounting .m2 depending on user provided `--local-maven-repo` into the container. - [x] Add integration tests for invalid usages...

OCA Verified

Add an integration test for checking Sonatype API version

Remove the deprecated `--skip-deps` flag

We will completely remove `--skip-deps` flag after the release containing the changes mentioned in https://github.com/oracle/macaron/issues/838 is out

cli

pkg:maven/com.simplaex/[email protected] got UNKNOWN for mcn_scm_authenticity_1, expect FAILED

## Reproduce the issue I ran this on Macaron at commit 9d5de67040be5975ebfd211f34b8d11f4de567b2 ```bash # Assume the development environment has been setup macaron analyze -purl pkg:maven/com.simplaex/[email protected] ``` ## The issue Macaron...

bug
checks