esp-idf-sbom offers two ways to perform vulnerability scanning. The
primary method, which is the default, uses the NVD REST API. The
alternative method uses the esp-nvd-mirror repository. If there are
issues with accessing the NVD REST API, it can be useful to switch to
the esp-nvd-mirror easily. Allow setting the SBOM_CHECK_LOCAL_DB GitHub
repository variable to switch to esp-nvd-mirror.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
This adds a GitHub action, which performs continuous vulnerability
scanning using the esp-idf-sbom-action GitHub action. The test
is scheduled every day at midnight and it's also possible to start
it as a dispatched workflow. This scans all possible manifest files
in the repository. The references for scanning are defined in GitHub's
VULNERABILITY_SCAN_REFS variable as a json list. For example:
['master', 'release/v5.2', 'release/v5.1', 'release/v5.0', 'release/v4.4']
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Fixes the issue "ERROR: Package 'conventional-precommit-linter' requires a
different Python: 3.7.17 not in '>=3.8'" in all Pull Requests.
Python 3.7 support will be dropped soon in the upcoming ESP-IDF v5.2
version.
Replaces the previously used Docker Hub autobuild infrastructure.
This allows for more flexible configuration of the build process,
at the expense of some extra maintenance of CI workflow files
required.
- Checks for modification of forbidden files (.gitlab/.github) and PR approver access level
- Approver decides the approach for PR merging (Rebase or direct Merge)