chore: lots more tweaks

Author: KLongmuirHD

.github/workflows/demo-build-and-scan-docker-image.yml

@@ -6,6 +6,7 @@ on:
 
 env:
   TRACKING_OPT_OUT: 'true'
+  CDXGEN_DEBUG_MODE: 'debug' # recommended for more verbose output from cdxgen
 
 jobs:
   build-and-sbom:
@@ -27,12 +28,10 @@ jobs:
         run: npm install -g @cyclonedx/cdxgen
 
       - name: Build Docker image
-        run: |
-          docker build -f ./ci/image.Dockerfile -t herodevs/eol-scan:local .
+        run: docker build -f ./ci/demo.Dockerfile -t herodevs/demo-image:local .
 
       - name: Generate SBOM for local Docker image
-        run: |
-          cdxgen -t docker -o sbom.json -r herodevs/eol-scan:local
+        run: cdxgen -t docker -o sbom.json -r herodevs/demo-image:local
 
       - name: Verify SBOM exists
         run: ls -l sbom.json
@@ -60,8 +59,7 @@ jobs:
           path: .
 
       - name: Run EOL scan
-        run: |
-          npx @herodevs/cli@beta scan eol --file=sbom.json
+        run: npx @herodevs/cli@beta scan eol --file=sbom.json
 
       - name: Upload HD report
         uses: actions/upload-artifact@v4

.github/workflows/demo-docker-buildx-sbom-scan.yml

@@ -9,6 +9,7 @@ permissions:
 
 env:
   TRACKING_OPT_OUT: 'true'
+  CDXGEN_DEBUG_MODE: 'debug' # recommended for more verbose output from cdxgen
 
 jobs:
   generate-sbom:
@@ -25,11 +26,10 @@ jobs:
         run: npm install -g @cyclonedx/cdxgen
 
       - name: Pull Docker image
-        run: docker pull ghcr.io/herodevs/eol-scan:latest
+        run: docker pull mcr.microsoft.com/playwright:v1.50.0-noble
 
       - name: Generate SBOM for Docker image
-        run: |
-          cdxgen -t docker -o sbom.json -r ghcr.io/herodevs/eol-scan:latest
+        run: cdxgen -t docker -o sbom.json -r mcr.microsoft.com/playwright:v1.50.0-noble
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v4
@@ -54,8 +54,7 @@ jobs:
           path: .
 
       - name: Run EOL scan
-        run: |
-          npx @herodevs/cli@beta scan eol --file=sbom.json
+        run: npx @herodevs/cli@beta scan eol --file=sbom.json
 
       - name: Upload HD report
         uses: actions/upload-artifact@v4

.github/workflows/demo-scan-docker-image.yml

@@ -18,18 +18,10 @@ jobs:
           ref: main
 
       - name: Run EOL Scan with Docker
-        run: |
-          # Create output directory
-          mkdir -p output
-          
-          # Run container with volume mount to write report
-          docker run --rm \
-            -v ${{ github.workspace }}/output:/workspace \
-            -w /workspace \
-            ghcr.io/herodevs/eol-scan -s
+        run: docker run -v "$PWD":/app ghcr.io/herodevs/eol-scan --save
 
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: my-eol-report
-          path: output/herodevs.report.json
+          path: ./herodevs.report.json

.github/workflows/demo-scan-with-image.yml

@@ -21,10 +21,10 @@ jobs:
           node-version: '22'
 
       - name: Run EOL Scan
-        run: npx @herodevs/cli@beta
+        run: npx @herodevs/cli@beta scan eol -s
 
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with:
           name: my-eol-report
-          path: herodevs.report.json
+          path: ./herodevs.report.json

.github/workflows/demo-scan.yaml

@@ -12,7 +12,8 @@ pnpm-lock.yaml
 **/tsconfig.tsbuildinfo
 .envrc
 
-# Various SBOM Output Files
+# Various SBOM Test Output Files
 herodevs.report.json
 herodevs.sbom.json
-bom.json
+bom.json
+sbom.json

.gitignore

@@ -0,0 +1,5 @@
+# This image is used in the demo GitHub workflows to show a minimal docker image scan
+
+FROM mcr.microsoft.com/playwright:v1.50.0-noble
+WORKDIR /app
+CMD ["node", "--version"]