This repository has been archived by the owner on Feb 27, 2024. It is now read-only.

Initial v1.0.0 release

@loredous loredous released this 14 Apr 17:18
· 16 commits to main since this release
13b06c1

This is the initial v1.0.0 release of the Build Inspector service.

This release adds support for the following dependency managers:

  • Pip
  • Yum
  • Apt
  • Docker Build
  • Ruby Bundle
  • NPM
  • Go Get
  • Maven
  • NuGet
  • Wget
  • Curl

This release adds the following finding rules:

  • RSA Private Key - Warns of potential RSA private key exposure in logs
  • Warning - Notes any warnings shown in the logs
  • Curl-bash - Warns of many forms of curl|bash pipe behavior that could lead to running compromised code

What's Changed

  • Add Github workflow for Pytest unit tests by @loredous in #5
  • Bump pydantic from 1.8.1 to 1.8.2 in /code by @dependabot in #2
  • Bump certifi from 2021.10.8 to 2022.12.7 in /tests/automated_functional_test by @dependabot in #1
  • Bump fastapi from 0.63.0 to 0.65.2 in /code by @dependabot in #3
  • Bump starlette from 0.14.2 to 0.25.0 in /code by @dependabot in #7
  • Add docker image build action by @loredous in #9
  • adjust wget parser for improved performance by @loredous in #13
  • Implement basic config file and parsing timeout logic by @loredous in #18
  • Optimized regex parser for Curl dependency manager by @pavsorab in #19
  • Add Docker image build action to repository by @loredous in #20
  • Functional test enhancement by @loredous in #21

New Contributors

Full Changelog: https://github.com/vmware-labs/build-inspector/commits/v1.0.0