From cad53c3b2d5f23a70481deb136ad7d94ce04982b Mon Sep 17 00:00:00 2001 From: berejmaj Date: Tue, 19 May 2026 13:30:30 +0200 Subject: [PATCH 1/3] url decoding in teamfindings --- .../api/teamfindings/service/FindingsByTeamService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java b/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java index 4c35fbef..0c35e9cc 100644 --- a/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java +++ b/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java @@ -27,6 +27,8 @@ import org.springframework.stereotype.Service; import java.math.BigDecimal; +import java.net.URLDecoder; +import java.nio.charset.StandardCharsets; import java.security.Principal; import java.util.List; import java.util.Map; @@ -166,7 +168,9 @@ public Page getCloudAndRepoFindingsAndVulns(Str String sourceStr = filters.getOrDefault("source", null); String statusStr = filters.getOrDefault("status", null); String nameRaw = filters.getOrDefault("name", null); - if (nameRaw != null && nameRaw.isBlank()) { + if (nameRaw != null && !nameRaw.isBlank()) { + nameRaw = URLDecoder.decode(nameRaw, StandardCharsets.UTF_8); + } else { nameRaw = null; } String name = nameRaw != null ? nameRaw.toLowerCase() : null; From 236c2476d06e69a5a9fa8761ead9ec007d71323f Mon Sep 17 00:00:00 2001 From: berejmaj Date: Thu, 21 May 2026 09:40:01 +0200 Subject: [PATCH 2/3] sbom scan fix --- backend/Dockerfile | 16 +++++++++++++--- backend/Dockerfile.base | 17 +++++++++++++---- .../scanner/sca/service/CdxGenService.java | 2 ++ 3 files changed, 28 insertions(+), 7 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index fbbdbbd3..b34a1c21 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile 
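Review bot: `URLDecoder.decode(nameRaw, StandardCharsets.UTF_8)` in the `name` filter branch of `getCloudAndRepoFindingsAndVulns` throws `IllegalArgumentException` on a malformed escape such as a trailing `%`, and nothing in the hunk catches it, so a search for a literal like `100%` would presumably surface as a server error instead of a filtered result. If `filters` is populated from framework-bound request parameters (not visible here), the value has already been decoded once, and this second pass rewrites `+` to a space and `%25` to `%`, which changes what the user searched for. I would decode in exactly one place and guard it, e.g. `try { nameRaw = URLDecoder.decode(nameRaw, StandardCharsets.UTF_8); } catch (IllegalArgumentException e) { /* keep the raw value */ }`, with a comment naming the caller that sends the value still encoded. The method body starts and ends outside the hunk.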
@@ -68,17 +68,27 @@ ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} ENV PATH="$PATH:$GRADLE_HOME/bin" # ── Layer group 3: Security tools (rarely changes) ────────── -RUN npm install -g @cyclonedx/cdxgen@latest +# cdxgen: install official GitHub binary (avoids npm registry TLS issues behind some proxies). +ENV CDXGEN_VERSION=v12.3.3 +RUN ARCH=$(uname -m) && \ + if [ "$ARCH" = "x86_64" ]; then \ + wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-amd64"; \ + elif [ "$ARCH" = "aarch64" ]; then \ + wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-arm64"; \ + else \ + echo "Unsupported architecture: $ARCH"; exit 1; \ + fi && \ + chmod +x /usr/local/bin/cdxgen RUN ARCH=$(uname -m) && \ if [ "$ARCH" = "x86_64" ]; then \ wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_x64.tar.gz; \ wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_amd64.tar.gz; \ - wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_amd64.tar.gz; \ + wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_amd64.tar.gz; \ elif [ "$ARCH" = "aarch64" ]; then \ wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_arm64.tar.gz; \ wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_arm64.tar.gz; \ - wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_arm64.tar.gz; \ + wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_arm64.tar.gz; \ else \ echo "Unsupported architecture: $ARCH"; exit 1; \ fi && \ 
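Review bot: The new cdxgen step writes the downloaded release asset straight to `/usr/local/bin/cdxgen` and marks it executable with no integrity check, so the pinned `CDXGEN_VERSION` fixes the tag but not the bytes; the identical block added to `backend/Dockerfile.base` has the same gap. Record the expected digest per architecture next to the version and verify it before the `chmod`, e.g. `echo "${CDXGEN_SHA256}  /usr/local/bin/cdxgen" | sha256sum -c -` with `CDXGEN_SHA256=<sha256-of-release-asset>` set in each branch. The gitleaks, bearer and grype downloads in the surrounding lines follow the same unverified pattern; this hunk only bumps the grype version there, but the bump is a natural moment to add digests for those archives too.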
diff --git a/backend/Dockerfile.base b/backend/Dockerfile.base index eb53002a..7c4ce0ee 100644 --- a/backend/Dockerfile.base +++ b/backend/Dockerfile.base 
@@ -42,19 +42,28 @@ RUN wget -q https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-b ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} ENV PATH="$PATH:$GRADLE_HOME/bin" -# ── Node tools ─────────────────────────────────────────────── -RUN npm install -g @cyclonedx/cdxgen@latest +# ── cdxgen (GitHub binary; avoids npm registry TLS issues) ─ +ENV CDXGEN_VERSION=v12.3.3 +RUN ARCH=$(uname -m) && \ + if [ "$ARCH" = "x86_64" ]; then \ + wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-amd64"; \ + elif [ "$ARCH" = "aarch64" ]; then \ + wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-arm64"; \ + else \ + echo "Unsupported architecture: $ARCH"; exit 1; \ + fi && \ + chmod +x /usr/local/bin/cdxgen # ── Security scanners ─────────────────────────────────────── RUN ARCH=$(uname -m) && \ if [ "$ARCH" = "x86_64" ]; then \ wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_x64.tar.gz; \ wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_amd64.tar.gz; \ - wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_amd64.tar.gz; \ + wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_amd64.tar.gz; \ elif [ "$ARCH" = "aarch64" ]; then \ wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_arm64.tar.gz; \ wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_arm64.tar.gz; \ - wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_arm64.tar.gz; \ + wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_arm64.tar.gz; \ else \ echo "Unsupported 
architecture: $ARCH"; exit 1; \ fi && \ diff --git a/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java b/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java index ab7c909b..f2247b36 100644 --- a/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java +++ b/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java @@ -83,6 +83,8 @@ public void generateBom(String repoDir, CodeRepo codeRepo, CodeRepoBranch codeRe ProcessBuilder pb = new ProcessBuilder( "cdxgen", + "--spec-version", + "1.5", "--recurse", "--required-only", "--output", From b8ba25f05c875464dafd0c6eddfe1f24a54beef6 Mon Sep 17 00:00:00 2001 From: berejmaj Date: Thu, 21 May 2026 09:44:52 +0200 Subject: [PATCH 3/3] sbom scan fix --- backend/Dockerfile | 12 +----------- backend/Dockerfile.base | 12 +----------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/backend/Dockerfile b/backend/Dockerfile index b34a1c21..e7c46cc6 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile 
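Review bot: The `"--spec-version", "1.5"` arguments added to the `ProcessBuilder` in `generateBom` are unexplained, and the commit subject ("sbom scan fix") does not say which consumer needs that CycloneDX version. I would add a comment above them such as `// Pin CycloneDX output to 1.5: <reason, e.g. the downstream scanner does not accept newer spec versions>` and lift the literal into a named constant, so the pin can be revisited when the scanner is upgraded. The explanation matters more because the Dockerfiles in this series install cdxgen at `@latest`, so the tool's default output version can change between image builds. `generateBom` begins and ends outside the hunk.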
@@ -68,17 +68,7 @@ ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} ENV PATH="$PATH:$GRADLE_HOME/bin" # ── Layer group 3: Security tools (rarely changes) ────────── -# cdxgen: install official GitHub binary (avoids npm registry TLS issues behind some proxies). -ENV CDXGEN_VERSION=v12.3.3 -RUN ARCH=$(uname -m) && \ - if [ "$ARCH" = "x86_64" ]; then \ - wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-amd64"; \ - elif [ "$ARCH" = "aarch64" ]; then \ - wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-arm64"; \ - else \ - echo "Unsupported architecture: $ARCH"; exit 1; \ - fi && \ - chmod +x /usr/local/bin/cdxgen +RUN npm install -g @cyclonedx/cdxgen@latest RUN ARCH=$(uname -m) && \ if [ "$ARCH" = "x86_64" ]; then \ diff --git a/backend/Dockerfile.base b/backend/Dockerfile.base index 7c4ce0ee..1df8cac6 100644 --- a/backend/Dockerfile.base +++ b/backend/Dockerfile.base @@ -42,17 +42,7 @@ RUN wget -q https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-b ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION} ENV PATH="$PATH:$GRADLE_HOME/bin" -# ── cdxgen (GitHub binary; avoids npm registry TLS issues) ─ -ENV CDXGEN_VERSION=v12.3.3 -RUN ARCH=$(uname -m) && \ - if [ "$ARCH" = "x86_64" ]; then \ - wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-amd64"; \ - elif [ "$ARCH" = "aarch64" ]; then \ - wget -q -O /usr/local/bin/cdxgen "https://github.com/cdxgen/cdxgen/releases/download/${CDXGEN_VERSION}/cdxgen-linux-arm64"; \ - else \ - echo "Unsupported architecture: $ARCH"; exit 1; \ - fi && \ - chmod +x /usr/local/bin/cdxgen +RUN npm install -g @cyclonedx/cdxgen@latest # ── Security scanners ─────────────────────────────────────── RUN ARCH=$(uname -m) && \
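Review bot: `RUN npm install -g @cyclonedx/cdxgen@latest` restores an unpinned install, so every image build pulls whatever cdxgen release, and whatever transitive npm dependencies, are current at that moment; the same line is restored in `backend/Dockerfile.base`. That makes builds non-reproducible and lets a bad or compromised publish reach the scanner image without any change in this repository. Pin an exact version instead, e.g. `ENV CDXGEN_VERSION=<pinned-version>` followed by `RUN npm install -g @cyclonedx/cdxgen@${CDXGEN_VERSION}`, and bump it deliberately. The previous patch in this series used v12.3.3 for the GitHub binary, which may be a reasonable starting point once the matching npm release is confirmed.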