path: root/spec/fixtures/expected
Age | Commit message | Author
2020-11-10 | use recursive scan by default [recursive-default] | mo khan
  docs: update CHANGELOG and version
  feat: scan packages in parallel
  fix: prevent infinite recursion
2020-11-05 | Update test fixtures | mo khan
2020-10-21 | Update go modules fixture files | mo khan
  Caused by:
  * https://gitlab.com/gitlab-org/security-products/tests/go-modules/-/merge_requests/59
2020-10-06 | Add integration tests for rust-cargo | mo khan
2020-10-06 | Parse composite license expressions | mo khan
  * docs: Add changelog entry
  * fix: update spec to match expected behaviour
2020-09-02 | Update conan fixtures | can eldem
2020-08-21 | Fix test fixture | Tetiana Chupryna
2020-08-21 | Fix test issues | Tetiana Chupryna
2020-08-21 | Fix failed tests | Tetiana Chupryna
2020-08-21 | Fix failed java specs | Tetiana Chupryna
2020-08-21 | Fix failed python specs | Tetiana Chupryna
2020-08-21 | Fix failed specs | Tetiana Chupryna
2020-08-21 | Fix some failed tests | Tetiana Chupryna
2020-08-18 | Update license_finder to 6.8.1 | mo khan
  * Update CHANGELOG
  * Add default retry for all jobs
  * Ensure all deb packages are built
2020-08-05 | Update dotnet test fixtures | mo khan
  Related to changes in https://gitlab.com/gitlab-org/security-products/tests/csharp-nuget-dotnetcore/-/merge_requests/19
2020-08-04 | Exclude dev dependencies | mo khan
  * Add test to install composer packages from custom TLS endpoint
  * Remove dev dependencies from fixture files
  * Install composer packages in vendor_path
  * Bump version and update CHANGELOG
2020-07-22 | Combine default/custom certs in cacert | mo khan
2020-07-21 | Update maven/gradle offline tests | mo khan
  * Let maven figure out the version of the license plugin that it is compatible with
  * Print the error when the setup fails
  * Add tests for multiple versions of maven and java
  * Install packages into a project specific directory to prevent cross test pollution
  * Specify the list of supported Maven versions
  * Update CHANGELOG and bump the version
2020-07-14 | Fetch dependencies from a custom dotnet source | mo khan
  * Install custom ca certificate in location where nuget can recognize it
  * Add subject alternative name to the generated x509 cert
  * Do not cache packages and https requests
  * Detect vbproj, fsproj, csproj, and sln files
  * Improve nuget package detection
  * Parse SPDX license expression from nuspec files
  * Update version and update CHANGELOG
2020-07-07 | Fix failing spec | mo khan
2020-07-06 | Install gems from custom source with custom CA | mo khan
  * Bump version and add CHANGELOG entry
  * Configure Bundler logging
  * Include install_path of gem
  * Use gem summary and full_gem_path
  * Specify a vendor path to install dependencies to prevent leakage between tests and take advantage of build job cache
2020-07-02 | Update version, CHANGELOG and README | mo khan
  * Install license_finder ~> 6.6 into default gems
2020-06-04 | List all dependencies that appear in go.mod | mo khan
  * Update CHANGELOG and fix typo
  * Render severity based on exit code
  * Explicitly specify the default GOPROXY
  * Default to -mod=readonly and allow override
  * Do not modify `vendor` directory if it exists.
  * Skip `go mod tidy` to prevent modifying projects files.
  * Include dependencies that appear in go.mod but are not present in the vendor directory.
  * Remove severity from log output
  * Wipe golang module cache before each spec

  ```plaintext
  The -mod build flag provides additional control over updating and use of go.mod.

  If invoked with -mod=readonly, the go command is disallowed from the implicit automatic updating of go.mod described above. Instead, it fails when any changes to go.mod are needed. This setting is most useful to check that go.mod does not need updates, such as in a continuous integration and testing system. The "go get" command remains permitted to update go.mod even with -mod=readonly, and the "go mod" commands do not take the -mod flag (or any other build flags).

  If invoked with -mod=vendor, the go command loads packages from the main module's vendor directory instead of downloading modules to and loading packages from the module cache. The go command assumes the vendor directory holds correct copies of dependencies, and it does not compute the set of required module versions from go.mod files. However, the go command does check that vendor/modules.txt (generated by 'go mod vendor') contains metadata consistent with go.mod.

  If invoked with -mod=mod, the go command loads modules from the module cache even if there is a vendor directory present.

  If the go command is not invoked with a -mod flag and the vendor directory is present and the "go" version in go.mod is 1.14 or higher, the go command will act as if it were invoked with -mod=vendor.
  ```

  - https://golang.org/cmd/go/#hdr-Maintaining_module_requirements
2020-05-27 | Add tests for each report version when scanning conan projects | mo khan
2020-05-26 | Scan Conan projects | mo khan
  * Scan the conan examples project
  * Split licenses by comma
  * Add integration test job for c projects
  * Add package_manager, version and path to v2.1 report
  * Detect collisions between names from different package managers
  * Add CHANGELOG entry
  * Update README to indicate Conan support
  * Print timestamps in install script
2020-05-22 | Add functional tests to the pipeline | mo khan
  * Move jobs to gitlab-ci.yml files that match the stage they belong to.
  * Move linter job to build stage
  * Add functional test jobs
  * Reduce max size to 2 GB
  * Pass the current pipeline image to the downstream jobs
  * Replace `edge` tag with `latest`
  * Use $CI_DEFAULT_BRANCH instead of master
  * Move `.env*` files to config dir and update RELEASE instructions
  * Combine `tag` and `release` stages into `deploy` stage as recommended in GitLab docs
  * Make the `build-docker-image` job interruptible
  * Fix issues found in code quality report
2020-05-14 | Update go list command to be compatible with 1.14 | mo khan
  * Add missing packages to report fixtures
2020-05-13 | Remove devDependencies from yarn scans | mo khan
  * Inline creation of PipPackage in legacy scan results
  * Add CHANGELOG entry
2020-05-04 | Add tests for js npm projects | mo khan
  * Add tests for js projects with npm-lock.json file
  * Add specs for project that does not have a package-lock.json
  * Fix typo in loading fixture file content not path
  * Remove dev dependencies for expected js test reports
  * Add spec for using different engine
  * Add latest nodejs LTS
  * Cleanup files after install and disable NPM update checks
  * Install a .curlrc to remove progress meter
  * Export LOG_LEVEL=debug in dev mode
  * Update fixture files
  * Update to latest patch level of nodejs, php, python, ruby
  * Add CHANGELOG entry
  * Move prepare_javascript from bash to ruby
2020-04-01 | Pull package info from sources in Pipfile.lock | mo khan
  * Exclude dependencies in "develop" group
  * Install pipenv by default
  * Use .venv to match the default location as pipenv
  * Use pip-licenses to detect licenses in Pipfile project
  * Add variation of the MIT License
  * Redirect asdf install stdout to /dev/null
  * Add CHANGELOG entry and bump version
2020-03-30 | Use virtualenv, pip-licenses to scan projects | mo khan
  * Add PIL License to list of normalized licenses
  * Update Python 3 v2.0 report fixture
  * Add CHANGELOG entry
  * Define local variables in bash functions
  * Ensure `SETUP_CMD` continues to work for python projects
  * build virtualenv app-data cache
  * Fallback to legacy scanner when SETUP_CMD is used
  * Extract Shell class to be able to pass custom env
2020-03-20 | Install maven packages for multi-module setup | mo khan
  * Install packages when multiple maven modules are detected
  * Add CHANGELOG entry
  * Install gem silently
  * Add package manager to test description
  * Sort paths
2020-03-07 | Fix nuget specs | mo khan
2020-03-04 | Convert python qa jobs to integration tests | mo khan
2020-03-04 | Convert java-maven qa jobs to integration tests | mo khan
2020-03-04 | Convert dotnet QA jobs to integration tests | mo khan
2020-03-04 | Convert js-npm qa jobs to integration tests | mo khan
2020-03-04 | Convert js-yarn qa jobs to integration tests | mo khan
2020-03-04 | Convert go/modules qa jobs to integration tests | mo khan
2020-03-04 | Extract shared example to convert QA jobs to integration tests | mo khan
2020-03-04 | Replace QA jobs with integration tests | mo khan
2020-03-04 | Move expected reports to spec/fixtures | mo khan