Tags · gitpod-io/leeway · GitHub
Tags: gitpod-io/leeway
Tags
v0.10.4
Add SBOM generation and vulnerability scanning

This commit adds comprehensive Software Bill of Materials (SBOM) generation and vulnerability scanning capabilities to Leeway:

- Generate SBOMs for packages during build in multiple formats (CycloneDX, SPDX, Syft)
- Scan SBOMs for vulnerabilities using Grype
- Add new commands:
  - `leeway sbom export` to export SBOMs from built packages
  - `leeway sbom scan` to scan packages for vulnerabilities
- Configure SBOM generation and scanning in WORKSPACE.yaml
- Support vulnerability filtering with ignore rules at workspace and package levels
- Generate vulnerability reports in multiple formats (JSON, text, CycloneDX, SARIF)
- Add documentation in README.md with examples and configuration options

This feature helps identify and manage security vulnerabilities in the software supply chain by providing visibility into package dependencies and their known vulnerabilities.