scality
diff --git a/‎.devcontainer/Dockerfile‎
Lines changed: 4 additions & 14 deletions b/‎.devcontainer/Dockerfile‎
Lines changed: 4 additions & 14 deletions
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 17 additions & 3 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 17 additions & 3 deletions
diff --git a/‎.devcontainer/requirements.txt‎
Lines changed: 4 additions & 0 deletions b/‎.devcontainer/requirements.txt‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎.devcontainer/setup.sh‎
100644100755
Lines changed: 6 additions & 0 deletions b/‎.devcontainer/setup.sh‎
100644100755
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/tests.yaml‎
Lines changed: 28 additions & 30 deletions b/‎.github/workflows/tests.yaml‎
Lines changed: 28 additions & 30 deletions
diff --git a/‎.gitignore‎
Lines changed: 0 additions & 7 deletions b/‎.gitignore‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 23 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 23 additions & 0 deletions
@@ -1,18 +1,5 @@
 FROM mcr.microsoft.com/devcontainers/base:jammy
 
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    curl -O -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh && \
-    sudo sh install.sh -b /usr/local/bin
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    curl -O -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh && \
-    sudo sh install.sh -b /usr/local/bin
-
-RUN export DEBIAN_FRONTEND=noninteractive && \
-    curl -O -sSfL https://aquasecurity.github.io/trivy-repo/deb/public.key && \
-    sudo apt-key add public.key && \
-    echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | tee -a /etc/apt/sources.list.d/trivy.list
-
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
     apt-get install --no-install-recommends -y \
@@ -21,11 +8,14 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         bash-completion \
         curl \
         git \
+        python3-pip \
         p7zip-full \
         skopeo \
         tmux \
-        trivy \
         vim \
         && \
     apt-get clean
+COPY requirements.txt /tmp/requirements.txt
+RUN python3 -m pip install --no-cache-dir --upgrade pip && \
+    python3 -m pip install --no-cache-dir -r /tmp/requirements.txt
 USER vscode
@@ -5,17 +5,31 @@
   },
   "features": {
     "ghcr.io/devcontainers/features/github-cli:1": {},
-    "ghcr.io/devcontainers/features/sshd:1": {}
+    "ghcr.io/devcontainers/features/sshd:1": {},
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {}
   },
   "customizations": {
     "vscode": {
       "extensions": [
+        //Python support
+        "ms-python.python",
+        //Python test explorer
+        "littlefoxteam.vscode-python-test-adapter",
+        //PEP Pyton formatter
+        "ms-python.black-formatter",
+        //Python debugger
+        "ms-python.debugpy",
+        //Github Action helper
         "github.vscode-github-actions",
+        //Github Copilot
         "GitHub.copilot",
+        //Github Copilot chat
         "GitHub.copilot-chat",
+        //Github Pull Request
         "GitHub.vscode-pull-request-github",
-        "ms-vscode-remote.remote-containers",
+        //Git history
         "donjayamanne.githistory",
+        //Git blame
         "solomonkinard.git-blame"
       ],
       "settings": {
@@ -30,5 +44,5 @@
     }
   },
   "remoteUser": "vscode",
-  "postCreateCommand": ".devcontainer/setup.sh"
+  "postCreateCommand": "bash .devcontainer/setup.sh"
 }
@@ -0,0 +1,4 @@
+requests==2.31.0
+GitPython==3.1.43
+pyunpack==0.3
+patool==2.2.0
@@ -19,4 +19,10 @@ fi
 echo "Updating localtime"
 sudo ln -fs /usr/share/zoneinfo/UTC /etc/localtime
 
+# Install act
+gh extension install https://github.com/nektos/gh-act
+
+# Install dependencies
+echo "Installing dependencies"
+python3 src/main.py install
 echo "End of setup"
@@ -2,56 +2,54 @@ name: "action-test"
 on:
   push:
   pull_request:
-  workflow_dispatch:
-    inputs:
-      ref:
-        description: "the git revision to checkout"
-        required: false
-      repo:
-        description: "repository to scan"
-        required: false
-      input_path:
-        description: "path to the repository"
-        default: "."
-        required: false
-      output_path:
-        description: "path to store the sbom"
-        default: "."
-        required: false
 
 jobs:
-
   test-as-action:
     runs-on: ubuntu-22.04
     steps:
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
           path: ./
+          fetch-depth: 0
+          fetch-tags: true
 
-      - name: Install syft
+      - name: Download artifact
         shell: bash
-        run: |
-          export DEBIAN_FRONTEND=noninteractive && \
-          curl -O -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh && \
-          sudo sh install.sh -b /usr/local/bin
+        run: curl -o /tmp/Core-15.0.iso https://distro.ibiblio.org/tinycorelinux/15.x/x86/release/Core-15.0.iso
+
+      - name: Scan repo
+        uses: ./
+        with:
+          target: ./
+          output-dir: "/tmp/test/sbom"
+          syft-version: "1.1.0"
+          vuln-report: True
 
-      - name: Run syft
+      - name: Scan directory
         uses: ./
         with:
-          repo: sbom-test
-          input_path: ./tests
-          output_path: .
-          generate_vulnerability_report: "true"
+          target: /etc
+          output-dir: "/tmp/test/sbom"
+          name: "ghactionetc"
+
+      - name: Scan iso
+        uses: ./
+        with:
+          target: /tmp/Core-15.0.iso
+          output-dir: "/tmp/test/sbom"
+          version: "15.0"
+          name: "tinycorelinux"
+          vuln-report: False
 
       - name: Print the content of generated sbom file
+        shell: bash
         run: |
-          for sbom in repo_*.json; do
+          for sbom in /tmp/test/sbom/*.json; do
             echo "Content of $sbom"
             cat $sbom
           done
-          for sbom in repo_*.html; do
+          for sbom in /tmp/test/sbom/reports/*.html; do
             echo "Content of vulnerability result for SBOM: $sbom"
             cat $sbom
           done
@@ -66,8 +66,6 @@ dist/
 downloads/
 eggs/
 .eggs/
-lib/
-lib64/
 parts/
 sdist/
 var/
@@ -223,11 +221,6 @@ pyrightconfig.json
 
 ### VisualStudioCode ###
 .vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
-!.vscode/*.code-snippets
 
 # Local History for Visual Studio Code
 .history/
 
@@ -0,0 +1,23 @@
+# Contributing
+
+Contributions are welcome! Please follow the guidelines below.
+
+## Codespaces
+
+This project is configured to work with GitHub Codespaces. To open the project in a Codespace, click the button below:
+
+[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/scality/sbom)
+
+## Run the action locally
+
+`act` can be used to run the GitHub Actions workflow locally.
+It has been installed through the `gh` extension.
+To run the workflow locally, execute the following command:
+
+```bash
+gh act push --rm --workflows=.github/workflows/tests.yaml -P ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
+```
+
+For more information on how to use `act`, please refer to the [official documentation] or run `gh act --help`.
+
+[official documentation]: https://nektosact.com/introduction.html