Audit - Support Pnpm SCA scan #18

Merged
merged 11 commits into from
Feb 18, 2024

@attiasas attiasas commented Jan 31, 2024

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.

Adding support for Pnpm technology for SCA Xray scan
depends on: jfrog/jfrog-cli-core#1122

Supported features:

  • Scanning dependencies provided by Pnpm
  • Audit flag --pnpm to force scanning this package manager
  • Artifactory configurations for this package manager: Add pnpm-config command jfrog-cli#2444
  • Npm dependencies type flag: you can use the Audit flag dep-type for this package manager as well

Since we add a new step to install pnpm, it will only be available after merge. The tests are passing.

@attiasas attiasas added the improvement Automatically generated release notes label Jan 31, 2024
@attiasas attiasas changed the title Add support for Pnpm SCA scan Audit - Support Pnpm SCA scan Feb 13, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Feb 13, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 13, 2024
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Feb 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 14, 2024

👍 Frogbot scanned this pull request and found that it did not add vulnerable dependencies.


@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@attiasas attiasas merged commit f0c7df6 into jfrog:dev Feb 18, 2024
4 of 8 checks passed
@attiasas attiasas deleted the add_pnpm branch February 18, 2024 12:14