Merge in Mitun project

Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "soos-sample-project"
+authors = ["SOOS <[email protected]>"]
+version = "1.0.1"
+edition = "2021"
+license = "MIT"
+license-file = "LICENSE"
+description = "SOOS ( https://soos.io ) is an independent software security company, located in Winooski, VT USA, building security software for your team. Used for testing purposes, this package is an example of a vulnerable package on a public registry."
+homepage = "https://soos.io/"
+repository = "https://github.com/soos-io/sample-project-rust"
+readme = "README.md"
+keywords = ["sample", "testing"]
+
+[dependencies]
+aac = "0.0.0"
+acc_reader = "2.0.0"
+pbkdf2 = { version = "0.13.0-pre.1" }
+core-nightly = "2015.1.7"
+protobuf = "2.5.0"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 SOOS LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,117 +1,13 @@
-# Sonatype Lifecycle CI Examples
-CI example builds and Sonatype Lifecycle analysis for different languages.
+# About SOOS
 
-Each of the examples are split into separate Git branches, so they can easily automatically be pulled into a CI multibranch build job, as explained below for Jenkins CI.
+SOOS is an independent software security company, located in Winooski, VT USA, building security software for your team. [SOOS, Software security, simplified](https://soos.io).
 
-|Language  |Build System         |Lifecycle Integration             |Git Branch|
-|----------|---------------------|----------------------------------|:-----|
-|C++       |cmake                |[Sonatype CLI][CLI]               |[c++-cmake-opencv](../../tree/c++-cmake-opencv)|
-|Java      |Gradle/Android Studio|[Sonatype CLI][CLI]               |[java-android-gradle-LeafPic](../../tree/java-android-gradle-LeafPic)|
-|Java      |Gradle/Android Studio|[Sonatype CLI][CLI]               |[java-android-gradle-nextcloud](../../tree/java-android-gradle-nextcloud)|
-|Java      |Maven                |[Sonatype Jenkins Plugin][Jenkins]|[java-maven-struts2-rce](../../tree/java-maven-struts2-rce)|
-|Java      |Maven                |[Sonatype Jenkins Plugin][Jenkins]|[java-maven-webgoat](../../tree/java-maven-webgoat)|
-|Javascript|NPM                  |AuditJS                           |[javascript-auditjs-juiceshop](../../tree/javascript-auditjs-juiceshop)|
-|Javascript|NPM                  |[Sonatype Jenkins Plugin][Jenkins]|[javascript-npm-juiceshop](../../tree/javascript-npm-juiceshop)|
-|Javascript|NPM                  |[Sonatype Jenkins Plugin][Jenkins]|[javascript-npm-nodegoat](../../tree/javascript-npm-nodegoat)|
-|PHP       |Composer             |[Sonatype CLI][CLI]               |[php-composer-symfony](../../tree/php-composer-symfony)|
-|Python    |PIP                  |Jake                              |[python-jake-homeassistant](../../tree/python-jake-homeassistant)|
-|Python    |PIP                  |[Sonatype Jenkins Plugin][Jenkins]|[python-pip-homeassistant](../../tree/python-pip-homeassistant)|
-|Rust      |Rust                 |[Sonatype Jenkins Plugin][Jenkins]|[rust-rust-story](../../tree/rust-rust-story)|
+Use SOOS to scan your software for [vulnerabilities](https://app.soos.io/research/vulnerabilities) and [open source license](https://app.soos.io/research/licenses) issues with [SOOS Core SCA](https://soos.io/products/sca). [Generate and ingest SBOMs](https://soos.io/products/sbom-manager). [Export reports](https://kb.soos.io/help/soos-reports-for-export) to industry standards. Govern your open source dependencies. Run the [SOOS DAST vulnerability scanner](https://soos.io/products/dast) against your web apps or APIs. [Scan your Docker containers](https://soos.io/products/containers) for vulnerabilities. Check your source code for issues with [SAST Analysis](https://soos.io/products/sast).
 
-To make the builds repeatable and simple, this project include Jenkins Docker build nodes provided as Docker containers with a preconfigured build environment for each ecosystem; for example for Maven build example, the container [preconfigures Maven and Java](https://github.com/sonatype-nexus-community/nexus-ci-examples/blob/java-maven-struts2-rce/jenkins-node-maven/Dockerfile). The Dockerfile and supporting content are provided with each build example branch.
+[Demo SOOS](https://app.soos.io/demo) or [Register for a Free Trial](https://app.soos.io/register).
 
-## Usage instructions for Jenkins
-### Jenkins setup
+If you maintain an Open Source project, sign up for the Free as in Beer [SOOS Community Edition](https://soos.io/products/community-edition).
 
-You will need the Jenkins "Docker" and “Nexus Platform” plugins 
+## sample-project-rust
 
-Jenkins -> Manage Jenkins -> Manage Plugins -> Available
-            Type: “Nexus Platform” in the search box
-            Select the Nexus Platform plugin, then “Install without restart”
-
-### Configure the Nexus Plugin
-Jenkins -> Manage Jenkins -> Configure System
-
-Scroll down to the Sonatype Nexus section
-
-“Add IQ Server”
-
-and add the IQ server configuration and cridentials, you can check the connection on this page.
-
-### Install the Docker Plugin
-Jenkins -> Manage Jenkins -> Manage Plugins -> Available
-            Type: “Docker” in the search box
-            Select the “Docker” plugin (not the Docker API plugin)
-
-Select “Download now and install after restart”
-             Select the “Restart after download when no jobs are running”
-
-### Configure the Docker Cloud
-The groovy scipt on the project can automate the setup of the Docker plugin.
-                        Click on the set-up-cloud.groovy file
-                        Click the “raw” button near the top
-                        Copy the entire file
-
-Login to Jenkins:
-                        Jenkins -> Manage Jenkins -> Script Console (it’s under Tools and Actions)
-
-Paste the text/copy buffer into the window
-
-Search for 'IQserver' and change the IQ URL to match you system configuration (bear in mind that this is from within a docker build node, not from the Jenkins machine itself)
-For example if you use Docker Desktop and your IQ server is running on the same host as docker you would use: http://host.docker.internal:8070
-You will also need to configure the location the system can use to reach your docker host. For a local Jenkins and Docker install the unix socket in the default config will work, for other systems, such as Jenkins within docker you will need to mount the socket as a volume or expose the API to http.
-
-
-### Jenkins Job Configuration
-Before configuring this, you need to create a GitHub token for Jenkins to access the GitHub repository with.  Failure to do this will result in errors caused by hitting the GitHub API limits.
-
-### Create a GitHub “Token”
-Open http://www.github.com  and “Signin”.    You may need to provide your 2FA token using Google Authenticator.
-
-Click on your user icon in the upper right corner -> Settings
-
-At the bottom left -> Developer settings -> Personal access tokens
-
-[Generate new token]
-
-
-### Create the Jenkins job
-
-Jenkins -> Create a job
-
-              Enter an item name:  Nexus Example Builds
-
-              Scroll to the bottom and select: Multibranch Pipeline.  -> OK
-
-
-
-              Display Name:  Nexus Example Builds
-
-              Branch Sources -> Add source -> GitHub
-
-                        Credentials:  Add -> Jenkins
-
-                                    Username:      <username>@sonatype.com
-
-                                    Password:       Paste your token password
-
-                                    ID:                   NexusExampleBuilds-GitHub
-
-                                    Description:   NexusExampleBuilds-GitHub
-
-                                    [Add]
-
-                        Credentials:  Select NexusExampleBuilds-GitHub
-
-                        Repository HTTPS URL:  https://github.com/sonatype-nexus-community/nexus-ci-examples.git
-
-                                    [Validate]
-
-                        Scroll to the bottom and select “Save”
-
-
-
-At this point – Builds for all the platforms/eco-systems will automatically kick off.
-
-[CLI]: https://help.sonatype.com/en/sonatype-iq-cli.html
-[Jenkins]: https://help.sonatype.com/en/sonatype-platform-plugin-for-jenkins.html
+This repository is an example of a vulnerable package on a public registry. It is used for testing purposes.