feat: add Dockerfile analysis for build command detection

achrafmag · achrafmag · commit 4643b7461439 · 2025-05-26T13:25:31.000+01:00
Changes:

-Function find_dockerfile_from_job: handles finding Dockerfile inside workflow in 2 cases of workflow jobs: -run and -uses.

-Simple DockerNode class, so far it stores mainly the dockerfile path retrieved from workflow

-Parsing Dockerfile using dockerfile-parse and RUN instruction commands using bashparser.py

Signed-off-by: Achraf Maghous &lt;achraf.maghous@oracle.com&gt;
diff --git a/pyproject.toml b/pyproject.toml
@@ -36,7 +36,7 @@ dependencies = [
     "cyclonedx-python-lib[validation] >=7.3.4,<8.0.0",
     "beautifulsoup4 >= 4.12.0,<5.0.0",
     "problog >= 2.2.6,<3.0.0",
-    "dockerfile-parse"
+    "dockerfile-parse >= 2.0.1"
 ]
 keywords = []
 # https://pypi.org/classifiers/
@@ -78,7 +78,7 @@ dev = [
     "pylint >=3.0.3,<4.0.0",
     "cyclonedx-bom >=4.0.0,<5.0.0",
     "types-beautifulsoup4 >= 4.12.0,<5.0.0",
-    "types-dockerfile-parse"
+    "types-dockerfile-parse >= 2.0.0"
 ]
 docs = [
     "sphinx >=8.0.0,<9.0.0",
