feat(report): Include dependencies into scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts (#1584)

* feat(report): Enhance scan result and cyclondex for supply chain security on Integration with GitHub Security Alerts * derive ecosystem/version from dependency graph * fix vars name && fetch manifest info on GSA && arrange ghpkgToPURL structure * fix miscs * typo in error message * fix ecosystem equally to trivy * miscs * refactoring * recursive dependency graph pagination * change var name && update comments * omit map type of ghpkgToPURL in signatures * fix vars name * goimports * make fmt * fix comment Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
2023-01-14 01:24:58 +09:00
parent 554ecc437e
commit ca64d7fc31
17 changed files with 340 additions and 40 deletions
--- a/tui/tui.go
+++ b/tui/tui.go
@@ -745,7 +745,7 @@ func setChangelogLayout(g *gocui.Gui) error {
 		}

 		for _, alert := range vinfo.GitHubSecurityAlerts {
-			lines = append(lines, "* "+alert.PackageName)
+			lines = append(lines, "* "+alert.RepoURLPackageName())
 		}

 		r := currentScanResult