Trong Nhan Mai
# Reproducing the issue

```
macaron analyze -purl pkg:maven/dev.sigstore/[email protected]
```

The Build As Code check passed with the following two deploy commands:

- `["mvn", "clean", "deploy", "--no-transfer-progress", "$@"]`
- `["mvn",...

This tutorial is for the feature implemented in #864.
There are some integration test case directories where their names still mention the deprecated yaml input (removed in #418).

- `tests/integration/cases/apache_maven_yaml_input_no_deps_and_skip_deps`
- `tests/integration/cases/apache_maven_yaml_input_skip_deps`

These directories can be renamed to:...
# Description

In this test module - https://github.com/oracle/macaron/blob/612e27ec347e7e073311b65a32b9eec8c6ba7d5c/tests/malware_analyzer/pypi/test_pypi_sourcecode_analyzer.py, we are mocking the `defaults` object to test some behaviors relating to some source code analysis configuration in `defaults.ini`.

# Expectation

In...
### Description

The Package URL pkg:maven/org.apache.hugegraph/[email protected] was built using JDK11 in its GitHub Action pipeline. However, Macaron reports JDK version 8.

### Steps to Reproduce ``` # Assume you have...
### Description

The class instances of type `SetupJava`, `OracleSetupJava` and `GraalVMSetup` do not have the attribute `action_version`. This is unexpected because `action_version` is inherited from the base class `ThirdPartyAction`

###...
### Description

Currently there are 3 places where debug messages like

```
[DEBUG] Workflow is not relevant. Skipping...
```

are printed out.

1. https://github.com/oracle/macaron/blob/23c7fdbfeb15c5d286373be4471be1dc3ec8d231/src/macaron/slsa_analyzer/checks/build_as_code_check.py#L163
2. https://github.com/oracle/macaron/blob/32aa0ccf0f552df3e90563653415bd38a3feac6a/src/macaron/slsa_analyzer/checks/github_actions_vulnerability_check.py#L110
3. https://github.com/oracle/macaron/blob/4235041f706c7a811b5ddf369e26549bdea0206f/src/macaron/slsa_analyzer/checks/trusted_builder_l3_check.py#L126

Even though...