diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fe0c15a2..9215c651 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,14 +3,14 @@ updates: - package-ecosystem: github-actions directory: / schedule: - interval: daily + interval: weekly - package-ecosystem: pip directory: /PyOdbDesignServer schedule: - interval: daily + interval: weekly - package-ecosystem: docker directory: / schedule: - interval: daily + interval: weekly diff --git a/.github/workflows/cmake-multi-platform.yml b/.github/workflows/cmake-multi-platform.yml index ea553934..287ba34b 100644 --- a/.github/workflows/cmake-multi-platform.yml +++ b/.github/workflows/cmake-multi-platform.yml @@ -51,15 +51,20 @@ jobs: steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Checkout Repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # add problem matchers by compiler - name: Add Problem Matchers - uses: ammaraskar/msvc-problem-matcher@13149ebc00eaa00eadcd81b204d7159cca5de4fd # master + uses: ammaraskar/msvc-problem-matcher@1ebcb382869bfdc2cc645e8a2a43b6d319ea1cc0 # master if: matrix.os == 'windows-2022' - name: Add Problem Matchers - uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master + uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28 # master if: matrix.os != 'windows-2022' - name: Install vcpkg Dependencies @@ -148,7 +153,7 @@ jobs: repository: 'nam20485/OdbDesignTestData' path: 'OdbDesignTestData' ref: 'main' - token: ${{ secrets.ODBDESIGN_TESTDATA_ACCESS_TOKEN }} + #token: ${{ secrets.ODBDESIGN_TESTDATA_ACCESS_TOKEN }} - name : Export ODB_TEST_DATA_DIR uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 
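Review bot: `egress-policy: audit` in the added Harden Runner step only records outbound connections; it does not stop a compromised action or build script from sending data out of the runner. The same step with the same setting is added to every workflow in this commit, including deploy-eks.yml (which passes AWS keys and a kubeconfig secret) and docker-publish.yml (which has `id-token: write`). Once the audit runs have produced a baseline, those jobs should move to `egress-policy: block` with an `allowed-endpoints` list. Until then a comment such as `# TODO: switch to block once the endpoint baseline is known` would record the intent. The `steps:` list continues outside the hunk.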
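Review bot: The `token:` input for the `nam20485/OdbDesignTestData` checkout is commented out rather than removed, so the step now falls back to the action's default token. That presumably works only if the test-data repository is public. If it is, delete the line and retire the `ODBDESIGN_TESTDATA_ACCESS_TOKEN` secret so that an unused credential does not stay configured. If it is not, a short comment saying why the token is disabled would help. The start of this step is outside the hunk.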
@@ -165,7 +170,7 @@ jobs: # report test results - name: Report Test Results - uses: dorny/test-reporter@v1.7.0 + uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0 if: steps.cmake-test.outcome == 'success' || steps.cmake-test.outcome == 'failure' with: name: ${{ matrix.os }}_test-results @@ -207,7 +212,7 @@ jobs: Compress-Archive -Path "${{env.ARTIFACTS_DIR_WIN}}\*.dll","${{env.ARTIFACTS_DIR_WIN}}\*.exe" -DestinationPath "${{env.ARTIFACTS_DIR_WIN}}\artifacts-${{matrix.os}}.zip" -Verbose -Force - name: Upload Artifacts - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ matrix.os }}-artifacts path: ${{ env.ARTIFACTS_DIR }}/artifacts-${{matrix.os}}.zip diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fe603425..61185f57 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,12 +42,17 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/init@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: languages: ${{ matrix.language }} config-file: ${{ github.workspace }}/.github/codeql-config.yml 
@@ -78,6 +83,6 @@ jobs: run: cmake --build --preset linux-release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/analyze@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 5e051ad6..37ba240a 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -29,6 +29,11 @@ jobs: steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Check Dispatch ID run: | if [[ "${{ github.event.client_payload.dispatch_id }}" == "${{ secrets.DISPATCH_ID }}" ]]; then @@ -42,7 +47,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download Artifacts - uses: dawidd6/action-download-artifact@v3.0.0 + uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0 with: workflow: cmake-multi-platform.yml workflow_conclusion: success diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 50f55be6..5aa06663 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
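Review bot: The `Check Dispatch ID` step that follows the added Harden Runner step in create-release.yml expands `${{ github.event.client_payload.dispatch_id }}` directly inside the `run:` script, so the payload text becomes part of the shell source before bash parses it. Event payload values are safer passed through `env:` and read as quoted variables, for example `DISPATCH_ID_IN: ${{ github.event.client_payload.dispatch_id }}` under `env:` and `if [[ "$DISPATCH_ID_IN" == "$DISPATCH_ID" ]]; then` in the script. The same step appears as context in the deploy-eks.yml hunk. The body of the step continues outside the hunk.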
@@ -15,16 +15,27 @@ permissions: contents: read jobs: + dependency-review: - runs-on: ubuntu-latest - permissions: + runs-on: ubuntu-22.04 + permissions: + id-token: write contents: write pull-requests: write steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Component detection + uses: advanced-security/component-detection-dependency-submission-action@5a8ce4ad8c6fbb9b88f66f672014e44b427d7d54 # v0.0.2 + - name: 'Dependency Review' - uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0 + uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0 with: comment-summary-in-pr: true diff --git a/.github/workflows/deploy-eks.yml b/.github/workflows/deploy-eks.yml index 9147498b..86ffba11 100644 --- a/.github/workflows/deploy-eks.yml +++ b/.github/workflows/deploy-eks.yml @@ -8,8 +8,14 @@ on: repository_dispatch: types: [ "trigger_deploy_release_event" ] +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: false + env: - AWS_REGION: us-west-2 # set this to your preferred AWS region, e.g. us-west-1 + AWS_REGION: us-west-2 permissions: contents: read 
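Review bot: The dependency-review job now carries `id-token: write` next to `contents: write` and `pull-requests: write`, but no step visible in this hunk requests an OIDC token. If the grant was copied from the component-detection action's usage example, confirm the action needs it and drop it otherwise. A short comment on each permission, such as `# dependency submission API` on `contents: write`, would make the reason reviewable later. The new job in sbom-generate-submit.yml has the same `id-token: write` grant and deserves the same check.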
@@ -18,10 +24,17 @@ jobs: deploy: name: Deploy runs-on: ubuntu-22.04 - environment: production + environment: + name: ${{ github.event.client_payload.ref_name }} + url: http://default-ingress-1165108808.us-west-2.elb.amazonaws.com/swagger steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Check Dispatch ID run: | if [[ "${{ github.event.client_payload.dispatch_id }}" == "${{ secrets.DISPATCH_ID }}" ]]; then @@ -32,24 +45,26 @@ jobs: fi - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install AWS CLI run: | - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip awscliv2.zip - sudo ./aws/install aws --version + # curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + # unzip awscliv2.zip + # sudo ./aws/install + # aws --version - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4.0.1 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ env.AWS_REGION }} - - name: Configure kubectl via Secret Env - run: | + - name: Configure kubectl + run: | + aws --version echo ${{ secrets.KUBECONFIG }} > ${{ github.workspace }}/kubeconfig export KUBECONFIG=${{ github.workspace }}/kubeconfig echo $KUBECONFIG diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b1be7868..4067538d 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
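Review bot: `environment.name` is now taken from `github.event.client_payload.ref_name`, so whoever sends the dispatch event chooses which environment, and therefore which protection rules and environment secrets, the deploy job runs under. The only sender visible in this commit (docker-publish.yml) fires on `release`, so the job moves from `production` to an environment named `release`. Any required reviewers or branch restrictions configured on `production` would stop applying unless they are recreated there. Keeping `name: production` fixed, or mapping the payload value through an explicit allow-list, keeps that gate in the workflow file. The `url:` also points at a plain `http://` endpoint.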
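Review bot: The renamed `Configure kubectl` step still writes the cluster credential with `echo ${{ secrets.KUBECONFIG }} > ${{ github.workspace }}/kubeconfig`, so the secret is expanded into the script text unquoted and the file lands in the checkout directory with default permissions. Passing the secret through `env:`, setting `umask 077` and writing under `$RUNNER_TEMP` keeps it out of the script source and out of the workspace. Quoting preserves line breaks that the unquoted `echo` flattens, so check the stored secret's format before switching. The `Install AWS CLI` step above it now does almost nothing and could be deleted rather than left commented out. The step continues outside the hunk.

```yaml
- name: Configure kubectl
  env:
    KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
  run: |
    aws --version
    umask 077
    printf '%s\n' "$KUBECONFIG_DATA" > "$RUNNER_TEMP/kubeconfig"
    export KUBECONFIG="$RUNNER_TEMP/kubeconfig"
    # … unchanged: echo $KUBECONFIG and the rest of the step …
```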
@@ -36,18 +36,23 @@ jobs: id-token: write steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # add problem matchers - name: Add Problem Matchers - uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master + uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28 # master # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: cosign-installer if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx @@ -67,7 +72,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -106,8 +111,8 @@ jobs: - name: Trigger Deploy and Release Workflows if: github.ref_name == 'release' && github.event_name == 'push' - uses: peter-evans/repository-dispatch@v3.0.0 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 with: repository: ${{ github.repository }} event-type: trigger_deploy_release_event - client-payload: '{"ref": "${{ github.ref_name }}", "dispatch_id": "${{ secrets.DISPATCH_ID }}"}' + client-payload: '{"ref_name": "${{ github.ref_name }}", "dispatch_id": "${{ secrets.DISPATCH_ID }}"}' diff --git a/.github/workflows/docker-scout-scan.yml b/.github/workflows/docker-scout-scan.yml index 06c9fa79..a4c0c122 100644 --- a/.github/workflows/docker-scout-scan.yml 
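Review bot: The `client-payload` key is renamed from `ref` to `ref_name` in the last hunk of docker-publish.yml, and only deploy-eks.yml is visibly updated to read `client_payload.ref_name`. create-release.yml handles the same `trigger_deploy_release_event` payload (it checks `client_payload.dispatch_id`), and its hunks here do not show whether it still reads `client_payload.ref`. If it does, that value will now be empty, so check every consumer of the event. A comment above the step, such as `# payload keys are read by deploy-eks.yml and create-release.yml; keep in sync`, would document the contract.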
+++ b/.github/workflows/docker-scout-scan.yml @@ -42,12 +42,17 @@ jobs: if: github.event_name != 'pull_request' || github.base_ref != 'development' || github.head_ref == 'nam20485' steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: Checkout repository uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # add problem matchers - name: Add Problem Matchers - uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master + uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28 # master # # Install the cosign tool except on PR # # https://github.com/sigstore/cosign-installer @@ -83,7 +88,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 with: images: ${{ env.IMAGE_NAME }} tags: | @@ -128,7 +133,7 @@ jobs: - name: Analyze for critical and high CVEs id: docker-scout-cves # if: ${{ github.event_name != 'pull_request_target' }} - uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0 + uses: docker/scout-action@4a5494eb7c2b3d712b805ee65ad57a0371d50874 # v1.4.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} 
@@ -138,14 +143,14 @@ jobs: - name: Upload SARIF result id: upload-sarif - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: sarif_file: sarif.output.json - name: Docker Scout Compare to Latest id: docker-scout if: ${{ github.event_name == 'pull_request' }} - uses: docker/scout-action@42a6acc319ac229f86e12bfca3b83de09fb058be # v1.3.0 + uses: docker/scout-action@4a5494eb7c2b3d712b805ee65ad57a0371d50874 # v1.4.1 with: command: compare image: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml new file mode 100644 index 00000000..e9c34da5 --- /dev/null +++ b/.github/workflows/jekyll-gh-pages.yml 
@@ -0,0 +1,64 @@ +# Sample workflow for building and deploying a Jekyll site to GitHub Pages +name: Deploy Jekyll with GitHub Pages dependencies preinstalled + +on: + # Runs on pushes targeting the default branch + push: + branches: ["release"] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + # Build job + build: + runs-on: ubuntu-22.04 + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Pages + uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0 + + - name: Build with Jekyll + uses: actions/jekyll-build-pages@3ef60073fe85b3ccba7e900c2ebf9d7542dc7a8f # v1.0.11 + with: + source: ./docs + destination: ./_site + + - name: Upload artifact + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4 
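Review bot: `pages: write` and `id-token: write` are granted at workflow level in the new jekyll-gh-pages.yml, so the `build` job, which runs the checkout and the Jekyll build over `./docs`, gets them as well, although only `deploy` calls `actions/deploy-pages`. Scoping them to the deploy job with `permissions:`, `pages: write` and `id-token: write` under `deploy:` keeps the build token narrower. The top level can then stay at `contents: read`, though `actions/configure-pages` in the build job may need read access to Pages, which should be confirmed. The `deploy` job also uses `runs-on: ubuntu-latest` while `build` is pinned to `ubuntu-22.04`; using the same pinned image in both would be consistent with the rest of the commit.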
diff --git a/.github/workflows/sbom-generate-submit.yml b/.github/workflows/sbom-generate-submit.yml new file mode 100644 index 00000000..54d416e0 --- /dev/null +++ b/.github/workflows/sbom-generate-submit.yml @@ -0,0 +1,38 @@ +name: SBOM Generate and Submit + +on: + push: + branches: [ "main", "release", "development", "nam20485" ] + workflow_dispatch: + +permissions: + contents: read + +jobs: + build: + name: Generate-Submit-SBOM + runs-on: ubuntu-22.04 + permissions: + id-token: write + contents: write + + steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + + - name: Checkout Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: SBOM Generate + uses: advanced-security/sbom-generator-action@375dee8e6144d9fd0ec1f5667b4f6fb4faacefed # v0.0.1 + id: sbom-generate + env: + GITHUB_TOKEN: ${{ github.token }} + + - name: SBOM Upload + uses: advanced-security/spdx-dependency-submission-action@dc069b56ba31ce546dc419b549aceb808c632d9a # v0.0.1 + with: + filePath: ${{ steps.sbom-generate.outputs.fileName }} + \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a3811e0c..f2ced069 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -15,6 +15,7 @@ on: # branches: [ "development" ] pull_request: branches: [ "development" ] + workflow_dispatch: # Declare default permissions as read only. permissions: read-all @@ -33,6 +34,11 @@ jobs: # actions: read steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - name: "Checkout code" uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: 
@@ -61,7 +67,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif @@ -69,6 +75,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/upload-sarif@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index 3515d544..c74844b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-20240110@sha256:b16cef8cbcb20935c0f052e37fc3d38dc92bfec0bcfb894c328547f81e932d67 AS build +FROM debian:bookworm-20240211@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90 AS build ARG OWNER=nam20485 ARG GITHUB_TOKEN="PASSWORD" @@ -66,7 +66,7 @@ RUN cmake --build --preset linux-release # RUN cmake --build --preset linux-debug # much smaller runtime image -FROM debian:bookworm-20240110-slim@sha256:f4a83aa865a2b4a064ff142aa91c713180df9fcb86ce676b5de2981029379c37 AS run +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign LABEL org.opencontainers.image.authors=https://github.com/nam20485 LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888." diff --git a/Dockerfile (exe) b/Dockerfile (exe) index 2f1a1960..e78026c7 100644 --- a/Dockerfile (exe) +++ b/Dockerfile (exe) 
@@ -1,4 +1,4 @@ -FROM debian:bookworm-20240110-slim@sha256:f4a83aa865a2b4a064ff142aa91c713180df9fcb86ce676b5de2981029379c37 AS build +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build # install dependencies RUN apt-get update && \ @@ -52,7 +52,7 @@ RUN cp /src/OdbDesign/out/build/linux-release/OdbDesignLib/libOdbDesign.so ./_Py #RUN python3 -m build # much smaller runtime image -FROM debian:bookworm-20240110-slim@sha256:f4a83aa865a2b4a064ff142aa91c713180df9fcb86ce676b5de2981029379c37 AS run +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS run RUN mkdir /OdbDesign WORKDIR /OdbDesign diff --git a/Dockerfile_PyOdbDesignServer b/Dockerfile_PyOdbDesignServer index f6ba739c..8a91bf18 100644 --- a/Dockerfile_PyOdbDesignServer +++ b/Dockerfile_PyOdbDesignServer @@ -1,4 +1,4 @@ -FROM debian:bookworm-20240110-slim@sha256:f4a83aa865a2b4a064ff142aa91c713180df9fcb86ce676b5de2981029379c37 AS build +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc AS build # install dependencies RUN apt-get update && \ @@ -44,7 +44,7 @@ RUN cmake --build --preset python-linux-release # much smaller runtime image #FROM python:3.11.4-bullseye AS run -FROM debian:bookworm-20240110-slim@sha256:f4a83aa865a2b4a064ff142aa91c713180df9fcb86ce676b5de2981029379c37 as run +FROM debian:bookworm-20240211-slim@sha256:d02c76d82364cedca16ba3ed6f9102406fa9fa8833076a609cabf14270f43dfc as run # copy PyOdbDesignServer files COPY --from=build /src/OdbDesign/PyOdbDesignServer PyOdbDesignServer @@ -60,7 +60,7 @@ RUN apt-get update && \ python3-pip WORKDIR /PyOdbDesignServer -RUN python3 -m pip install -r requirements.txt --break-system-packages +RUN python3 -m pip install -r requirements.txt --break-system-packages --require-hashes # run WORKDIR /PyOdbDesignServer 
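Review bot: `--require-hashes` on the `pip install` line in Dockerfile_PyOdbDesignServer makes the image build fail as soon as any requirement, including a transitive one, lacks a `--hash` entry, and nothing near this `RUN` line says how requirements.txt is produced. The `# via -r requirements.in` annotations in requirements.txt suggest it is pip-compile output. If so, a comment above the line such as `# requirements.txt is generated with pip-compile --generate-hashes; regenerate it, do not hand-edit` would keep the next dependency bump from breaking the build.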
diff --git a/PyOdbDesignServer/requirements.txt b/PyOdbDesignServer/requirements.txt index ca9bc938..a1fd0426 100644 --- a/PyOdbDesignServer/requirements.txt +++ b/PyOdbDesignServer/requirements.txt @@ -8,9 +8,9 @@ asgiref==3.7.2 \ --hash=sha256:89b2ef2247e3b562a16eef663bc0e2e703ec6468e2fa8a5cd61cd449786d4f6e \ --hash=sha256:9e0ce3aa93a819ba5b45120216b23878cf6e8525eb3848653452b4192b92afed # via django -django==5.0.1 \ - --hash=sha256:8c8659665bc6e3a44fefe1ab0a291e5a3fb3979f9a8230be29de975e57e8f854 \ - --hash=sha256:f47a37a90b9bbe2c8ec360235192c7fddfdc832206fcf618bb849b39256affc1 +django==5.0.2 \ + --hash=sha256:56ab63a105e8bb06ee67381d7b65fe6774f057e41a8bab06c8020c8882d8ecd4 \ + --hash=sha256:b5bb1d11b2518a5f91372a282f24662f58f66749666b0a286ab057029f728080 # via # -r requirements.in # djangorestframework diff --git a/docs/README.md b/docs/README.md index edaf2d72..b3dd382e 100644 --- a/docs/README.md +++ b/docs/README.md @@ -68,6 +68,7 @@ The diagram describes the current state of parser implementation and data availa | Security Code Scan | [![CodeQL Security Scan](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml) | | Docker Security Scan | [![Docker Scout Scan](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml) | | Dependency Review Scan | [![Dependency Review](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml) | +| Upload SBOM | [![SBOM Generate and Submit](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml) | #### `main` 
@@ -78,6 +79,7 @@ The diagram describes the current state of parser implementation and data availa | Security Code Scan | [![CodeQL Security Scan](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml) | | Docker Security Scan | [![Docker Scout Scan](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml/badge.svg?branch=main)](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml) | | Dependency Review Scan | [![Dependency Review](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml/badge.svg?branch=main)](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml) | +| Upload SBOM | [![SBOM Generate and Submit](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml/badge.svg?branch=main)](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml) | #### `release` 
@@ -88,6 +90,7 @@ The diagram describes the current state of parser implementation and data availa | Security Code Scan | [![CodeQL Security Scan](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml/badge.svg?branch=development)](https://github.com/nam20485/OdbDesign/actions/workflows/codeql.yml) | | Docker Security Scan | [![Docker Scout Scan](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml/badge.svg?branch=release)](https://github.com/nam20485/OdbDesign/actions/workflows/docker-scout-scan.yml) | | Dependency Review Scan | [![Dependency Review](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml/badge.svg?branch=release)](https://github.com/nam20485/OdbDesign/actions/workflows/dependency-review.yml) | +| Upload SBOM | [![SBOM Generate and Submit](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml/badge.svg?branch=release)](https://github.com/nam20485/OdbDesign/actions/workflows/sbom-generate-submit.yml) | ### Architecture