Enable resolving vulnerable dependencies fixes from an Artifactory se…
…rver for Golang projects (#639)
eranturgeman authored Feb 18, 2024
1 parent c5443c8 commit 9e5d77a
Showing 3 changed files with 16 additions and 9 deletions.
6 changes: 3 additions & 3 deletions go.mod
Expand Up @@ -119,10 +119,10 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
)

replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240214142246-bb1e61c953ac
replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240218125754-97305051f203

replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214165055-5ca5e6374e6c
replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.0.2-0.20240218142336-a98ce6c49710

// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev

replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240214150718-c734e234d315
replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240218093454-1c352a93c23d
12 changes: 6 additions & 6 deletions go.sum
Expand Up @@ -898,12 +898,12 @@ github.com/jfrog/gofrog v1.6.0 h1:jOwb37nHY2PnxePNFJ6e6279Pgkr3di05SbQQw47Mq8=
github.com/jfrog/gofrog v1.6.0/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg=
github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240214142246-bb1e61c953ac h1:dOPjCfPHtCdpp2e3yGeZZ7EieFxvlY6E45XGVqto5Mg=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240214142246-bb1e61c953ac/go.mod h1:xKh03WzFK7YlZtHNJdOzkMvFjyq75yeUWW5EKNKV2Qk=
github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214165055-5ca5e6374e6c h1:oWlaEVqbkrbe3sX281EKE+lM8Y0OMep1y8X9S1Vl3HA=
github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214165055-5ca5e6374e6c/go.mod h1:CQo/eRqwB+O31pCnJv6tdvrTLWP2K7fmK4k4Oh+gebQ=
github.com/jfrog/jfrog-client-go v1.28.1-0.20240214150718-c734e234d315 h1:A/pujr4z8wSFK5Atrr5NHnsl1Y758zP2++R99qNKDyE=
github.com/jfrog/jfrog-client-go v1.28.1-0.20240214150718-c734e234d315/go.mod h1:fV5wrs86ihQkFKfMKpGxMbNf3mbVT4LUf320C1T9C2M=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240218125754-97305051f203 h1:zPKW3AGH1kqgz4mtgGfhdXJNaxS+55cReFymSKXezdE=
github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240218125754-97305051f203/go.mod h1:+azTP7jL4ebGF//oVz+kCsLOIFxBp/19McVB0KHwT8U=
github.com/jfrog/jfrog-cli-security v1.0.2-0.20240218142336-a98ce6c49710 h1:evvHc1SFVVEYCG1kZBnEFPAZLfZsCRwGJpOh4/do44Q=
github.com/jfrog/jfrog-cli-security v1.0.2-0.20240218142336-a98ce6c49710/go.mod h1:/Uccx1NRCqLtxMQiCJOYOLAW3/omlZLhpan9PA22Fn0=
github.com/jfrog/jfrog-client-go v1.28.1-0.20240218093454-1c352a93c23d h1:59C2AOjdp5Wp/WoeQZkOGbAtKnhY1a9YhrnAdeVbVYs=
github.com/jfrog/jfrog-client-go v1.28.1-0.20240218093454-1c352a93c23d/go.mod h1:fV5wrs86ihQkFKfMKpGxMbNf3mbVT4LUf320C1T9C2M=
github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
7 changes: 7 additions & 0 deletions packagehandlers/gopackagehandler.go
Expand Up @@ -2,13 +2,20 @@ package packagehandlers

import (
"github.com/jfrog/frogbot/v2/utils"
golangutils "github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/golang"
)

type GoPackageHandler struct {
CommonPackageHandler
}

func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error {
// Configure resolution from an Artifactory server if needed
if golang.depsRepo != "" {
if err := golangutils.SetArtifactoryAsResolutionServer(golang.serverDetails, golang.depsRepo); err != nil {
return err
}
}
// In Golang, we can address every dependency as a direct dependency.
return golang.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
}
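Review bot: The new `depsRepo` branch in `UpdateDependency` returns the error from `SetArtifactoryAsResolutionServer` bare, so a failed fix does not say that resolver setup, rather than the dependency update itself, went wrong; consider `return fmt.Errorf("setting Artifactory repository %q as Go resolution server: %w", golang.depsRepo, err)`, which also needs `fmt` in the import block. The helper lives in jfrog-cli-core and its body is not shown on this page; if it works by exporting a proxy URL built from `golang.serverDetails` into the process environment (likely, but unconfirmed here), that setting outlives this call and the URL may carry credentials, so it is worth confirming that later `go` command output and error logs mask it. The commit changes only go.mod, go.sum and this file, so the `depsRepo != ""` path is not covered by a test here.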
