Sync v1.4.0 to 1.x #135

bluesentinelsec · 2025-09-16T14:48:43Z

Sync v1.4.0 to 1.x

* reproducing issue - test 1 * resolve issue 85 - test 2 * test 3 * test fix --------- Co-authored-by: Michael Long <mlongii@amazon.com>

Co-authored-by: Michael Long <mlongii@amazon.com>

* Add severity providers: GHSA, GitLab * Add severity providers: GHSA, GitLab * Add REDHAT_CVE and UBUNTU_CVE providers * rename GHSA to GITHUB --------- Co-authored-by: Michael Long <mlongii@amazon.com>

* add --platform support for multi-arch containers * test multi-arch images on current branch * test actions against sbomgen 1.5.1-beta * fix --platform parsing error * fix platform parsing bug * test workflows on sbomgen latest (1.5.2) * Validate --platform input * Add more test cases, and revert workflow definitions * fix typo in platform arg --------- Co-authored-by: Michael Long <mlongii@amazon.com>

* fix severity rating mismatch * temporarily add a test workflow * Fix type issue: float provided, expected string * Rename workflow / job name * Add severity comparison logic * Revise severity sorting and selection logic * return default values on error * skip EPSS ratings for severity column * debugging unknown ratings * fix ratings with unknown name * Verify AMAZON_INSPECTOR renders correctly * fix failing test * temporarily disable failing tests * pass unit test: test_parse_inspector_scan_result * pass unit tests * change '-f' to '--failfast' for clarity * Remove unused type cast * refactor csv test * severity is rendered as 'other' not 'unknown' * test build on all actions * normalize dockerfile findings severity rating * debugging dockerfile severity * debugging * Normalize Dockerfile severity 'info' to 'other' * restore test actions * minor comment update * Remove develop workflow * Address PR feedback * test workflows against refactor * handle edge case CVE-2025-22871 * fix missing severity edge case * debugging epss * debugging * fix flawed test * added test case for absent severity rating * revert workflows to v1 --------- Co-authored-by: Michael Long <mlongii@amazon.com>

* Feature request 91 (#115) * FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts * Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts" This reverts commit bc532d4. * FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts * FR-91: Fix unit tests * FR-91: Fix typo in unit tests * Revert "FR-91: Fix typo in unit tests" This reverts commit e645542. * Revert "FR-91: Fix unit tests" This reverts commit f9157c9. * Revert "FR-91: Add cli arg only fixable vulnerability; use the variable in get_vuln_counts" This reverts commit 812c685. * FR-91: Change orchestrator to only find fixed vulnerabilities if flag show-only-fixed-vulnerabilities is present * FR-91: Fixed missing variable * FR-91: Fixed typo * FR-91: Fixed typo * FR-91: Another fix * FR-91: Another fix * FR-91: Another fix * FR-91: Another fix * FR-91: Another fix * FR-91: Another fix * FR-91: Another fix * Add unit test for get_vuln_count * Fix unit test for get_vuln_count --------- Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com> * Clarify license of inspector-sbomgen dependency (#121) Co-authored-by: Michael Long <mlongii@amazon.com> * [v1.3.0] Only trigger vuln threshold on fixable vulns (#122) * Add --threshold-fixable-only to CLI * implemented business logic * changed 'threshold_fixable_only' from str to bool * Added more test coverage and CLI refinements * debugging failing unit test * test threshold-fixable-only in workflow * test threshold-fixable-only in workflow * debugging CI/CD * debugging CI/CD * debugging * debugging * debugging * debugging * removed debug log showing CLI arguments * add missing argument, fixed_vuln_counts * simplify get_fixed_vuln_counts() return values * refactor return types in get_scan_result() * refactor * refine get_fixed_vuln_counts() * update test_get_fixed_vuln_counts() * testing case sensitivity * revert 'TRUE' to 'true' * use debug log when vuln doesnt have rating * integrate --show-only-fixable-vulns (part 1) * integrate only show fixable vulns * test example workflows * fix CLI input arguments * remove leading '-' character for conditional inclusion * add a no-op CLI arg (workaround) * enable new arguments in workflows * fix failing test * update workflows for prod --------- Co-authored-by: Michael Long <mlongii@amazon.com> * set workflows to v1.3.0 for burn-in --------- Co-authored-by: CarolMebiom <59604360+CarolMebiom@users.noreply.github.com> Co-authored-by: Maria Carolina Conceição <carolina.bento@floy.com> Co-authored-by: Michael Long <mlongii@amazon.com>

* Use aws-cli instead of amazonlinux to speed up container build time (#128) * Change Dockerfile source image to aws-cli * Set WORKDIR back to default value --------- Co-authored-by: Joshua-Grisham_SSCSpace <joshua.grisham@sscspace.com> * set workflows to develop for aws-cli runtime tests * add explicit permissions to GitHub Actions workflows (#130) * Measuring installation time (#131) (#132) * measuring installation time * Change workflows to point to v1.4.0 branch --------- Co-authored-by: Joshua Grisham <josh@joshuagrisham.com> Co-authored-by: Joshua-Grisham_SSCSpace <joshua.grisham@sscspace.com>

clueleaf and others added 20 commits August 28, 2024 15:58

replace scanner example (#84)

51b7484

Write CSV with no vulns (#86)

3aa7bb2

* reproducing issue - test 1 * resolve issue 85 - test 2 * test 3 * test fix --------- Co-authored-by: Michael Long <mlongii@amazon.com>

testing CSV with no vulns

561f140

test against main branch

2310b9e

Write Dockerfile CSV and Markdown on no vulns (#88)

2acdf07

Co-authored-by: Michael Long <mlongii@amazon.com>

Set example workflows to main branch for testing

cdcff85

Display 'no vulns found' for Dockerfiles (#92)

7260b5b

Co-authored-by: Michael Long <mlongii@amazon.com>

Tweak dockerfile report (#93)

9d3b153

Co-authored-by: Michael Long <mlongii@amazon.com>

Omit Dockerfile table on no vulns (#94)

b6c5e11

Co-authored-by: Michael Long <mlongii@amazon.com>

Updated workflows to v1.x - testing auto-updates (#96)

d62e2b9

Co-authored-by: Michael Long <mlongii@amazon.com>

update README (#97)

0ef860b

Co-authored-by: Michael Long <mlongii@amazon.com>

Extend vulnerability severity providers (#98)

d771038

* Add severity providers: GHSA, GitLab * Add severity providers: GHSA, GitLab * Add REDHAT_CVE and UBUNTU_CVE providers * rename GHSA to GITHUB --------- Co-authored-by: Michael Long <mlongii@amazon.com>

Verify v1 tag works

53b7369

Verify action against 1.x

b8917ac

Merge branch '1.x' into main

c55a96c

bluesentinelsec temporarily deployed to plugin-development September 16, 2025 14:53 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:05 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:06 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:08 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:09 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:10 — with GitHub Actions Inactive

bluesentinelsec temporarily deployed to plugin-development September 23, 2025 18:24 — with GitHub Actions Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sync v1.4.0 to 1.x #135

Sync v1.4.0 to 1.x #135

Uh oh!

bluesentinelsec commented Sep 16, 2025

Uh oh!

Uh oh!

Sync v1.4.0 to 1.x #135

Sync v1.4.0 to 1.x #135

Uh oh!

Conversation

bluesentinelsec commented Sep 16, 2025

Uh oh!

Uh oh!