pin sobelow version

Author: northdpole

components/scanners/sobelow/README.md

@@ -1,16 +1,13 @@
-# Credo
+# Sobelow Scanner version v0.14.0
 
-This component implements a [scanner](https://github.com/smithy-security/smithy/blob/main/sdk/component/component.go)
-that parses json reports output by [credo](https://github.com/rrrene/credo/) into [ocsf](https://github.com/ocsf) format.
+## Overview
+Sobelow is a static analysis tool for discovering security vulnerabilities in Elixir web applications. It helps developers identify potential security issues in their code. This component integrates Sobelow and parses its findings into the OCSF format.
 
-## Environment variables
+## Version
+This component uses Sobelow v0.14.0
 
-The component uses environment variables for configuration.
+## How to Run
 
-It requires the component
-environment variables defined [here](https://github.com/smithy-security/smithy/blob/main/sdk/README.md#component) as well
-as the following:
-
-| Environment Variable     | Type   | Required | Default    | Description                                             |
-|--------------------------|--------|----------|------------|---------------------------------------------------------|
-| CREDO\_RAW\_OUT\_FILE\_PATH  | string | yes      | -          | The path where to find the sarif report                 |
+```bash
+smithyctl workflow run  --build-component-images=true --overrides=./examples/sobelow/overrides.yaml ./examples/sobelow/workflow.yaml
+```

components/scanners/sobelow/scanner/Dockerfile

@@ -2,7 +2,7 @@ FROM elixir:otp-28
 
 COPY entrypoint.sh /entrypoint.sh
 # Install Sobelow
-RUN echo Y |mix escript.install github sobelow/sobelow  && \
+RUN echo Y |mix escript.install github sobelow/sobelow tag v0.14.0 && \
     chmod +x /entrypoint.sh
 
 ENTRYPOINT [ "/entrypoint.sh" ]