debricked / cli
Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.
License: MIT License
To avoid issues like those addressed in #120 from sneaking into main
In the multistage Dockerfile that is used to build the official release of the image there is a problem with go versions:
Under the first scope (FROM golang:1.20-alpine AS dev) go 1.20 is used, but under the second scope:
FROM alpine:latest AS cli
...
RUN apk --no-cache --update add go
Alpine will resolve to go version 1.19 today.
It is probably good to be explicit about what version of go to install, rather than rely on whatever is distributed through Alpine right now.
This affects the resolution-cmd branch.
When running debricked resolve on a python project, if the command is successful, the generated requirements.txt.venv folder is removed. But if the command fails for some reason, the requirements.txt.venv folder remains in the project root.
I wish to regenerate already existing lock files. Using debricked CLI version 1.2.1 via Windows command prompt:
C:\project> debricked resolve . --regenerate 2
The above command throws the following error:
Error: unknown flag: --regenerate
Usage:
debricked resolve [path] [flags]
...
As title, in addition to the existing --exclusion flag.
Ideally the exclusions are comma separated when using the environment flag.
E.g.
-e "*/**.lock" -e "**/node_modules/**" -e "*\**.ex"
becomes
DEBRICKED_EXCLUSIONS="*/**.lock,**/node_modules/**,*\**.ex"
Add the ability to resolve dependency trees and generate lock-files without installing dependencies. This is relevant because I already have all my dependencies installed in a private image that I'm using as a base to perform the Debricked scan in my CI, therefore I would just like to resolve my (pip) lock files and scan them, without installing stuff.
I'm using the Azure DevOps pipeline integration:
https://github.com/debricked/cli/blob/main/examples/templates/Azure/azure-pipelines.yml
I added to the yaml definition that the task should fail on std error, hoping to catch issues this way:
It seems that there is output routed to stderr instead of stdout, which obviously now causes my pipeline to fail, but without any real reason:
Could you change the output type?
Package installation can be complex sometimes and depend on the underlying OS. For pip, installing some c-compiled packages may require re-compilation of that package during installation on Alpine distros. But, pip can simply download the relevant files on Debian without compilation.
It would be great if I could choose what distro my debricked/cli image was so that I can pick the distro best suited to my needs (and not re-compile pandas 100 times a day)