pin sobelow version

Author: northdpole

components/scanners/sobelow/README.md

@@ -1,16 +1,15 @@
-# Credo
+# Sobelow Scanner version v0.14.0
 
-This component implements a [scanner](https://github.com/smithy-security/smithy/blob/main/sdk/component/component.go)
-that parses json reports output by [credo](https://github.com/rrrene/credo/) into [ocsf](https://github.com/ocsf) format.
+## Overview
 
-## Environment variables
+Sobelow is a static analysis tool for discovering security vulnerabilities in Elixir web applications. It helps developers identify potential security issues in their code. This component integrates Sobelow and parses its findings into the OCSF format.
 
-The component uses environment variables for configuration.
+## Version
 
-It requires the component
-environment variables defined [here](https://github.com/smithy-security/smithy/blob/main/sdk/README.md#component) as well
-as the following:
+This component uses Sobelow v0.14.0
 
-| Environment Variable     | Type   | Required | Default    | Description                                             |
-|--------------------------|--------|----------|------------|---------------------------------------------------------|
-| CREDO\_RAW\_OUT\_FILE\_PATH  | string | yes      | -          | The path where to find the sarif report                 |
+## How to Run
+
+```bash
+smithyctl workflow run  --build-component-images=true --overrides=./examples/sobelow/overrides.yaml ./examples/sobelow/workflow.yaml
+```

components/scanners/sobelow/scanner/Dockerfile

@@ -2,7 +2,7 @@ FROM elixir:otp-28
 
 COPY entrypoint.sh /entrypoint.sh
 # Install Sobelow
-RUN echo Y |mix escript.install github sobelow/sobelow  && \
+RUN echo Y |mix escript.install github sobelow/sobelow tag v0.14.0 && \
     chmod +x /entrypoint.sh
 
 ENTRYPOINT [ "/entrypoint.sh" ]