python services

Signed-off-by: Prabhu Subramanian <[email protected]>

Update packages. Add sample test for python evinse

Signed-off-by: Prabhu Subramanian <[email protected]>

.github/workflows/app-release.yml

@@ -14,7 +14,7 @@ jobs:
     - name: Use Node.js
       uses: actions/setup-node@v3
       with:
-        node-version: 20.5
+        node-version: '21.x'
     - name: Install dependencies
       run: |
         sudo apt-get install -y python3.8 python3.8-dev python3-pip python3-testresources python3-setuptools patchelf desktop-file-utils libgdk-pixbuf2.0-dev

.github/workflows/dockertests.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: ['21.x']
         java-version: ['19']
     steps:
       - uses: actions/checkout@v4
@@ -22,7 +22,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          python-version: '3.11'
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:
@@ -68,7 +68,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: ['21.x']
         java-version: ['19']
     steps:
       - uses: actions/checkout@v4
@@ -79,7 +79,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          python-version: '3.11'
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:
@@ -108,7 +108,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: ['21.x']
         java-version: ['19']
     steps:
       - uses: actions/checkout@v4
@@ -119,7 +119,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          python-version: '3.11'
       - name: Set up JDK
         uses: actions/setup-java@v3
         with:

.github/workflows/nodejs.yml

@@ -15,7 +15,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [16.x, 18.x, 20.x]
+        node-version: ['16.x', '18.x', '20.x', '21.x']
 
     steps:
       - uses: actions/checkout@v4

.github/workflows/python-atom-tests.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: ['21.x']
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/repotests.yml

@@ -11,7 +11,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node-version: [18.x]
+        node-version: ['21.x']
         os: ['ubuntu-latest', 'windows-latest']
     runs-on: ${{ matrix.os }}
     steps:
@@ -148,6 +148,10 @@ jobs:
         with:
           repository: 'hoolicorp/java-sec-code'
           path: 'repotests/java-sec-code'
+      - uses: actions/checkout@v3
+        with:
+          repository: 'DefectDojo/django-DefectDojo'
+          path: 'repotests/django-DefectDojo'
       - uses: dtolnay/rust-toolchain@stable
       - name: repotests
         run: |
@@ -160,6 +164,8 @@ jobs:
           bin/cdxgen.js -p -t java repotests/java-sec-code -o bomresults/bom-java-sec-code.json --only spring
           bin/cdxgen.js -p -t java repotests/java-sec-code -o repotests/java-sec-code/bom.json --deep
           node bin/evinse.js -i repotests/java-sec-code/bom.json -o bomresults/java-sec-code.evinse.json -l java --with-reachables -p repotests/java-sec-code
+          bin/cdxgen.js -t python repotests/django-DefectDojo -o repotests/django-DefectDojo/bom.json --deep
+          node bin/evinse.js -i repotests/django-DefectDojo/bom.json -o bomresults/django-DefectDojo.evinse.json -l python --with-reachables repotests/django-DefectDojo
           bin/cdxgen.js -p -r -t java repotests/shiftleft-java-example -o bomresults/bom-java.json --generate-key-and-sign
           node bin/evinse.js -i bomresults/bom-java.json -o bomresults/bom-java.evinse.json -l java --with-data-flow -p repotests/shiftleft-java-example
           SBOM_SIGN_ALGORITHM=RS512 SBOM_SIGN_PRIVATE_KEY=bomresults/private.key SBOM_SIGN_PUBLIC_KEY=bomresults/public.key bin/cdxgen.js -p -r -t github repotests/shiftleft-java-example -o bomresults/bom-github.json

bin/cdxgen.js

@@ -148,6 +148,9 @@ const args = yargs(hideBin(process.argv))
     default: false,
     description: "Generate SBOM with evidence for supported languages. WIP"
   })
+  .option("deps-slices-file", {
+    description: "Path for the parsedeps slice file created by atom."
+  })
   .option("usages-slices-file", {
     description: "Path for the usages slice file created by atom."
   })

data/frameworks-list.json

@@ -4,8 +4,8 @@
     "System.ServiceModel",
     "System.Data",
     "spring",
-    "flask",
-    "django",
+    "pkg:pypi/flask",
+    "pkg:pypi/django",
     "beego",
     "chi",
     "echo",
@@ -30,15 +30,28 @@
     "express",
     "knex",
     "vue",
-    "aiohttp",
-    "bottle",
-    "cherrypy",
-    "drt",
-    "falcon",
-    "hug",
-    "pyramid",
-    "sanic",
-    "tornado",
+    "pkg:pypi/aiohttp",
+    "pkg:pypi/bottle",
+    "pkg:pypi/cherrypy",
+    "pkg:pypi/drt",
+    "pkg:pypi/falcon",
+    "pkg:pypi/hug",
+    "pkg:pypi/pyramid",
+    "pkg:pypi/sanic",
+    "pkg:pypi/tornado",
+    "pkg:pypi/fastapi",
+    "pkg:pypi/pyqt",
+    "pkg:pypi/tkinter",
+    "pkg:pypi/kivy",
+    "pkg:pypi/pyside",
+    "pkg:pypi/scikit",
+    "pkg:pypi/tensorflow",
+    "pkg:pypi/pytorch",
+    "pkg:pypi/keras",
+    "pkg:pypi/numpy",
+    "pkg:pypi/scipy",
+    "pkg:pypi/pandas",
+    "pkg:pypi/matplotlib",
     "vibora",
     "koa",
     "-sdk",

data/pypi-pkg-aliases.json

@@ -553,6 +553,7 @@
   "creole": "python-creole",
   "creoleparser": "creoleparser",
   "crispy-forms": "django-crispy-forms",
+  "crum": "django-crum",
   "cronlog": "python-crontab",
   "crontab": "python-crontab",
   "crypto": "pycryptodome",
@@ -589,6 +590,7 @@
   "djcelery": "django-celery",
   "djkombu": "django-kombu",
   "djorm-pgarray": "djorm-ext-pgarray",
+  "django-filters": "filters-django",
   "dns": "dnspython",
   "docgen": "ansible-docgenerator",
   "docker": "docker-py",
@@ -631,6 +633,7 @@
   "fdpexpect": "pexpect",
   "fedora": "python-fedora",
   "fias": "ailove-django-fias",
+  "fieldsignals": "django-fieldsignals",
   "fiftyone-degrees": "51degrees-mobile-detector",
   "fiftyonedegrees": "51degrees-mobile-detector-v3-wrapper",
   "five": "five.customerize",
@@ -709,6 +712,7 @@
   "igraph": "python-igraph",
   "imdb": "imdbpy",
   "impala": "impyla",
+  "imagekit": "django-imagekit",
   "impersonate": "django-impersonate",
   "inmemorystorage": "ambition-inmemorystorage",
   "ipaddress": "backport-ipaddress",
@@ -845,6 +849,7 @@
   "path": "path.py",
   "patricia": "patricia-trie",
   "paver": "paver",
+  "packageurl": "packageurl-python",
   "peak": "proxytypes",
   "picasso": "anderson.picasso",
   "picklefield": "django-picklefield",
@@ -1057,6 +1062,7 @@
   "slugify": "unicode-slugify",
   "smarkets": "smk-python-sdk",
   "snappy": "ctypes-snappy",
+  "social-core": "social-auth-core",
   "social-django": "social-auth-app-django",
   "socketio": "python-socketio",
   "socketserver": "pies2overrides",