add Library Scan (with image scan) #829

Merged: 36 commits, Jun 12, 2019

Contributor

@tomoyamachi tomoyamachi commented Jun 6, 2019

What did you implement:

add library scan via trivy.

  • Gemfile.lock
  • Pipfile.lock
  • poetry.lock
  • composer.lock
  • package-lock.json
  • yarn.lock
  • Cargo.lock

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)

How Has This Been Tested?

test on the following config file.

[servers]

[servers.abuntu]
host        = "xxx.xxx.xxx"
port        = "22"
user        = "tamachi"
keyPath     = "/Users/amachi/.ssh/id_dsa"
findLock    = true # auto detect lockfile
lockfiles   = [
  "/home/tamachi/lockfiles/package-lock.json",
  "/home/tamachi/lockfiles/yarn.lock"
]

[servers.image]
type="pseudo"
    [servers.image.images.hyperkube]
    name="gcr.io/google-containers/hyperkube"
    tag="v1.11.10"
    [servers.image.images.web-dvwa]
    name="vulnerables/web-dvwa"
    tag="latest"
    [servers.image.images.gcr]
    name="asia.gcr.io/bizshift-stg/api"
    tag="latest"
        [servers.image.images.gcr.dockerOption]
        gcpCredPath="/Users/amachi/Downloads/key.json"

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

@tomoyamachi tomoyamachi reopened this Jun 12, 2019
@kotakanbe kotakanbe merged commit abcea1a into future-architect:master Jun 12, 2019
@kotakanbe kotakanbe mentioned this pull request Jun 14, 2019
gopkg.in/mattn/go-runewidth.v0 v0.0.4 // indirect
)

replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.2-0.20190418055600-c6010b917a55
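
Review bot: the replace directive on the last line redirects github.com/genuinetools/reg to the fork github.com/tomoyamachi/reg with no comment saying why the fork is needed or what it changes, so a later reader cannot tell which code is actually built or when the override can be dropped. Add a comment above the replace line naming the fix the fork carries, and pin the fork to a tag rather than the pseudo-version v0.16.2-0.20190418055600-c6010b917a55 so the pinned revision is easier to audit.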

Hi, I got here from golang/go#32879. We're not sure whether this version string should/will be valid in Go 1.13, since it refers to the same commit as v0.16.1.

Could you share some info on how you produced this version string? I'm curious as to how you arrived at a pseudo-version instead of the tagged version.

CC @jayconrod @heschik

Contributor Author

@tomoyamachi tomoyamachi Jul 3, 2019

@bcmills That was an odd way.

  1. git checkout -b <branch>
  2. fixed in a forked repository
  3. git tag v0.16.2 && git push origin <branch> --tags
  4. add replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.2 to go.mod, and run go mod tidy
  5. something wrong in step 4
  6. git tag -d v0.16.2 && git push --tags
  7. add replace github.com/genuinetools/reg => github.com/tomoyamachi/reg <branch> to go.mod, and run go mod tidy
  8. auto generate v0.16.2-0.20190418055600-c6010b917a55

go version go1.12.3 darwin/amd64

I hope this answer helps you.

Contributor Author

@tomoyamachi tomoyamachi Jul 3, 2019

Anyway, I will fix the current versioning.
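
What the pseudo-version discussed in this thread encodes, as an added example that is not code from this PR or from the Go toolchain: it lists `replace` directives that point at a different module path and decodes each pseudo-version into the tag it claims to follow, the commit time and the commit prefix. `ParsePseudo` and `ForkReplaces` are hypothetical helper names, and the go.mod text is constructed from the replace line quoted above.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

// Pseudo-version forms: vX.0.0-TS-HASH, vX.Y.Z-PRE.0.TS-HASH, vX.Y.(Z+1)-0.TS-HASH
var pseudoRe = regexp.MustCompile(`^(v\d+\.\d+\.)(\d+)-((?:.+\.)?0\.)?(\d{14})-([0-9a-f]{12})$`)
// Single-line "replace old [ver] => new ver"; local-path targets carry no version and are skipped.
var replaceRe = regexp.MustCompile(`(?m)^\s*replace\s+(\S+)(?:\s+\S+)?\s+=>\s+(\S+)\s+(\S+)\s*$`)

// ParsePseudo returns the tag v claims to follow ("" if none), the commit time and hash prefix.
func ParsePseudo(v string) (base string, when time.Time, commit string, ok bool) {
	m := pseudoRe.FindStringSubmatch(v)
	if m == nil { // tagged version or malformed string
		return
	}
	when, err := time.Parse("20060102150405", m[4])
	patch, _ := strconv.Atoi(m[2])
	if err != nil || (m[3] == "0." && patch == 0) { // bad date, or vX.Y.0-0.TS with no earlier patch tag
		return "", time.Time{}, "", false
	}
	if m[3] == "0." { // commit follows release tag vX.Y.(patch-1)
		base = m[1] + strconv.Itoa(patch-1)
	} else if m[3] != "" { // commit follows pre-release tag vX.Y.Z-PRE
		base = m[1] + m[2] + "-" + m[3][:len(m[3])-3]
	}
	return base, when, m[5], true
}

// ForkReplaces lists {old, new, version} for replaces that point at a different module path.
func ForkReplaces(gomod string) (out [][3]string) {
	for _, m := range replaceRe.FindAllStringSubmatch(gomod, -1) {
		if m[1] != m[2] {
			out = append(out, [3]string{m[1], m[2], m[3]})
		}
	}
	return out
}

func main() {
	// Constructed input: the replace line quoted in this thread.
	gomod := "replace github.com/genuinetools/reg => github.com/tomoyamachi/reg v0.16.2-0.20190418055600-c6010b917a55\n"
	for _, r := range ForkReplaces(gomod) {
		fmt.Println(ParsePseudo(r[2]))
	}
}
```

For the version in this thread the decoded base tag is v0.16.1, which is the tag the review comment refers to.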
