Is your feature request related to a problem? Please describe.
PowerShell isn't supported by mvdan.cc/sh/v3/syntax, so the Pinned-Dependencies check and others such as the SAST check ignore .ps1 files AND PowerShell-based tasks/jobs in GitHub Actions AND fail on Windows container Dockerfiles that use PowerShell.
Supporting PowerShell-based scripts will increase the number of repositories that can leverage the Pinned-Dependencies checks.
Describe the solution you'd like
Pinned-Dependencies should be able to analyze the following, treat them the same as POSIX Shell, Bash, and mksh, and leverage the existing checks that are implemented for those scripts:
.ps1 files
PowerShell tasks/jobs in GitHub Actions
Windows container Dockerfiles that use PowerShell RUN commands
examples:
go run main.go --repo PULSAR-Modders/pulsar-mod-loader --checks Pinned-Dependencies --format json --show-details | jq
go run main.go --repo SonarSource/sonar-dotnet --checks Pinned-Dependencies --format json --show-details | jq
go run main.go --repo dotnet/runtime --checks Pinned-Dependencies --format json --show-details | jq
Today these examples do not detect the .NET dependencies, given that they are either specified in YAML PowerShell jobs or in .ps1 files, or the check fails because the Dockerfile is using a PowerShell script.
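Added example, not part of the original issue and not Scorecard code: a line-based Go sketch of the kind of finding a PowerShell-aware Pinned-Dependencies check could report for text taken from a .ps1 file, a PowerShell job step, or a Dockerfile RUN command. The `Finding` type, `FindUnpinned` function and rule list are hypothetical, and treating an exact version flag as "pinned" is an assumption of the sketch, not Scorecard's definition.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one install command that names no exact version.
type Finding struct {
	Line int    // 1-based line where the command starts
	Text string // command with backtick continuations joined
}

// Each rule pairs an install command with its version flag (long spelling only, an assumption).
var rules = []struct{ cmd, pin *regexp.Regexp }{
	{regexp.MustCompile(`(?i)\binstall-(module|package|script)\b`), regexp.MustCompile(`(?i)\s-requiredversion\s+\S`)},
	{regexp.MustCompile(`(?i)\bdotnet\s+(tool\s+install|add\s+(\S+\s+)?package)\b`), regexp.MustCompile(`(?i)\s--version\s+\S`)},
	{regexp.MustCompile(`(?i)\bnuget(\.exe)?\s+install\b`), regexp.MustCompile(`(?i)\s-version\s+\S`)},
}

// FindUnpinned scans PowerShell text line by line, skipping "#" comment lines.
func FindUnpinned(script string) []Finding {
	var out []Finding
	lines := strings.Split(script, "\n")
	for i := 0; i < len(lines); i++ {
		start, cmd := i+1, strings.TrimSpace(lines[i])
		// A trailing backtick continues the command on the next line.
		for strings.HasSuffix(cmd, "`") && i+1 < len(lines) {
			i++
			cmd = strings.TrimRight(cmd, "` ") + " " + strings.TrimSpace(lines[i])
		}
		for _, r := range rules {
			if !strings.HasPrefix(cmd, "#") && r.cmd.MatchString(cmd) && !r.pin.MatchString(cmd) {
				out = append(out, Finding{start, cmd})
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed sample script, not taken from any repository.
	s := "Install-Module Pester -Force\ndotnet add package NUnit --version 4.1.0\n"
	for _, f := range FindUnpinned(s) {
		fmt.Printf("line %d: no exact version: %s\n", f.Line, f.Text)
	}
}
```

A real implementation would need a PowerShell parser rather than regular expressions, since parameter abbreviations, aliases and here-strings are not handled here.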