Planned Deprecation: GitHub Releases of DevSkim BInaries

[gfs]

We currently publish platform specific binaries of DevSkim to GitHub releases concurrently with publishing to Nuget/VS Marketplace. These releases do not receive much usage, and so we are planning to cease publishing releases in this manner and only publish to Nuget/VS Marketplace.

I am opening this thread for any feedback on these plans.

[JaneX8]

I appreciate the releases on GitHub. Maybe we can use more automation to reduce workload for publishing new releases to multiple platforms. Let me know if I can help.

[gfs]

Thanks for the feedback. It's helpful to know that they are being used. Is there a particular way you use DevSkim that makes the native binaries more convenient than installing via the .NET SDK - or is it just not using the .NET SDK for anything else?

[JaneX8]

The latter. It is useful because I use DevSkim CLI to generate a Sarif file, it's part of a bigger script that does Static Code Analysis with different tools, inside a Linux Docker container. Using the release makes my Dockerfile much simpler, image build time less and image size potentially smaller when less dependencies are needed. I don't use anything else from .NET.

The only suggestion for improvement I can make is adding the architecture to the release filenames for clarity, and perhaps adding support for ARM/AArch, #673. And perhaps #648.

Moreover, from a accessibility and ease-of-use point-of-view the current GH release would in theory make it very easy for package managers such as scoop.sh/chocolatey/homebrew etc, to install and use DevSkim in different environments.

[gfs]

FWIW, its very easy to configure docker with the .NET SDK - including layer on top of the official .NET docker image: https://learn.microsoft.com/en-us/dotnet/architecture/microservices/net-core-net-framework-containers/official-net-docker-images.

For example: https://github.com/microsoft/DevSkim-Action/blob/main/Dockerfile