Merge branch 'main' into integrate-lib4vex

Author: JigyasuRajput

.github/actions/spelling/allow.txt

@@ -15,6 +15,7 @@ apcupsd
 api
 apk
 apparmor
+apr
 ares
 argparse
 Args
@@ -25,6 +26,7 @@ asterisk
 atftp
 atheris
 atlassian
+augeas
 autoescape
 autoextract
 autoextracts
@@ -54,6 +56,7 @@ blog
 bluetooth
 bluetoothctl
 bluez
+boa
 boinc
 bolt
 boot
@@ -69,6 +72,7 @@ bwm
 bzip
 c
 cabextract
+cairo
 capnproto
 cbt
 CDNs
@@ -77,6 +81,7 @@ ceph
 cfa
 cfea
 cff
+cflow
 chaitanyamogal
 Changelog
 charset
@@ -86,11 +91,13 @@ chris
 chrony
 civetweb
 clamav
+clang
 cleartext
 clnt
 cmdline
 codebase
 codecov
+codespell
 collectd
 commons
 compress
@@ -149,6 +156,7 @@ dio
 Dio
 distro
 distros
+djvulibre
 dlt
 dmidecode
 dnsmasq
@@ -203,7 +211,9 @@ file
 filepaths
 filetype
 filterdiv
+filters
 firefox
+firejail
 flac
 fluidsynth
 flutterchina
@@ -219,8 +229,10 @@ fsf
 fsprogs
 ftp
 ftpd
+fuse
 fuzzer
 g
+GAAD
 GAD
 gawk
 gcc
@@ -259,9 +271,11 @@ gpsd
 graphicsmagick
 grep
 grub
+gsasl
 GSo
 gsoc
 gstreamer
+guile
 gupnp
 gvfs
 gzip
@@ -291,9 +305,13 @@ i
 icecast
 icu
 ikeydoherty
+imagemagick
 img
 imgur
 imsahil
+inclusivity
+indent
+inetutils
 INI
 inosmeet
 iperf
@@ -312,6 +330,7 @@ jacksondatabind
 janus
 jasper
 javascript
+jbig
 jdk
 jerinjtitus
 jhead
@@ -338,6 +357,7 @@ libass
 libbluetooth
 libbpg
 libc
+libcap
 libcoap
 libconfuse
 libcurl
@@ -357,6 +377,7 @@ libinput
 libjpeg
 libksba
 liblas
+liblouis
 libmatroska
 libmemcached
 libmicrohttpd
@@ -368,6 +389,8 @@ libpng
 libprotobuf
 libraryname
 libraw
+libreoffice
+libreswan
 librsvg
 librsync
 libsamplerate
@@ -393,6 +416,7 @@ libvpx
 libxml
 libxslt
 libyaml
+libyang
 lifecycle
 lighttpd
 linode
@@ -401,13 +425,15 @@ linux
 linuxptp
 lite
 lldpd
+llvm
 logrotate
 lrzip
 lua
 luajit
 lxc
 lynx
 lz
+lzo
 mailx
 malloc
 malware
@@ -454,6 +480,7 @@ msmtp
 msys
 mtr
 mupdf
+musl
 mutt
 myapp
 myappvendor
@@ -504,10 +531,12 @@ nvdosvgad
 nvdosvgadcurl
 oath
 OCSP
+ofono
 onboarding
 oneline
 open
 openafs
+openblas
 opencv
 openjpeg
 openldap
@@ -519,7 +548,9 @@ opensuse
 openswan
 openvex
 openvpn
+openvswitch
 openwrt
+opkg
 orc
 ossl
 osv
@@ -546,6 +577,7 @@ picocom
 pigz
 pixbuf
 pixman
+pjsip
 plotly
 png
 pocoo
@@ -597,6 +629,7 @@ readthedocs
 realpython
 rebasing
 redhat
+redis
 refactored
 refactoring
 regex
@@ -617,6 +650,7 @@ rsync
 rsyslog
 rtl
 rtmpdump
+ruby
 runc
 rust
 sakshatshinde
@@ -626,6 +660,7 @@ sandboxing
 sane
 sanketsaurav
 sannanansari
+sasl
 Saurabh
 sbs
 sdk
@@ -678,6 +713,7 @@ tagvalue
 tar
 tarfiles
 taskbar
+tbb
 tcpdump
 tcpreplay
 tempfile
@@ -702,6 +738,7 @@ toml
 toolkit
 tools
 tor
+toybox
 tpm
 traceroute
 transmission
@@ -737,6 +774,7 @@ util
 utkarsh
 utm
 uuid
+uwsgi
 v
 varnish
 venv
@@ -756,6 +794,8 @@ Vulnerability
 Vulnerabity
 vulnerablities
 vulnerablity
+wavpack
+WCAG
 webkitgtk
 webserver
 website
@@ -773,25 +813,30 @@ workarounds
 workflow
 workflows
 wpa
+wrt
 wsl
 www
 wzao
 Xchange
+XDG
 XDRAGON
 xerces
 Xiph
 xkcd
 xml
+xpdf
 xscreensaver
 xvf
 xwayland
+xz
 yakkety
 yaml
 yashugarg
 yasm
 yml
 YYYY
 zabbix
+zbar
 zchunk
 zeek
 zip

.github/codecov.yml

@@ -0,0 +1,14 @@
+codecov:
+  token: ${{ secrets.CODECOV_TOKEN }}
+  ci:
+    - github-actions
+  max_report_age: 12
+  require_ci_to_pass: TRUE
+
+coverage:
+  round: down
+  range: 60..80
+
+comment:
+    layout: "condensed_header, condensed_files, condensed_footer"
+    hide_project_coverage: FALSE

.github/workflows/build-wheel.yml

@@ -23,12 +23,12 @@ jobs:
     if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
       with:
         egress-policy: audit
 
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+    - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: ${{ matrix.python-version }}
         cache: 'pip'

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
       with:
         egress-policy: audit
 
@@ -51,7 +51,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      uses: github/codeql-action/init@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
+      uses: github/codeql-action/analyze@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19

.github/workflows/coverity.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
       with:
         egress-policy: audit
 

.github/workflows/cve_scan.yml

@@ -17,12 +17,12 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: '3.11'
           cache: 'pip'
@@ -32,7 +32,7 @@ jobs:
         run: |
           echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
       - name: Get cached database
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: cache
           key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}

.github/workflows/dependency-review.yml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1