Nancy uses Nexus IQ Server, the journey #68
Why would the default be `develop`?? I'm going to guess 99% of the time this will be running on CI so shouldn't it be `build`. Keep in mind I have no real idea what these stages mean in IQ (only briefly read some of the docs :) ) so I'll defer to you of course.
You have `build` > `develop` > `release-stage` > `release`. I went with develop as a default as Nancy can be used by developers locally pretty easily. We could set it to `build` for sure, but it kinda depends on how you set up your policy TBH with Nexus IQ. I originally had it as `build` ftr. I can go either way!
Cool cool.... that makes sense then.
#scopeCreepAndMaybeNotWorthIt
But would it make sense to detect if on CI (looking for TRAVIS, CIRCLECI, CI, etc etc) environment variables and if one of those is set you change the stage automagically to `build`/`release-stage`?? Maybe that is still back into the "how you set up your policy in Nexus IQ" again and it doesn't matter. ¯_(ツ)_/¯
I LIKE THAT. We'd still need to allow someone to override it, though, because people use Travis, CircleCI etc... to do CD too.
Yeah for sure...if you pass it in then that is the value to be used. But nancy will attempt to "smart default" it for you.
Nancy is so clever!
I think we should create a ticket for this, it was a fantastic suggestion, however I dunno if I want to do it in this PR.
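
The "smart default" discussed in the comments above, sketched in Go as an added example; it is not code from this PR or from Nancy. `resolveStage` and `ciEnvVars` are hypothetical names, and choosing `build` (rather than `release-stage`) on CI and ignoring values like `false` are assumptions.

```go
package main

import (
	"fmt"
	"os"
)

// ciEnvVars lists environment variables whose presence suggests a CI run.
// CI, TRAVIS and CIRCLECI are the ones named in the thread.
var ciEnvVars = []string{"CI", "TRAVIS", "CIRCLECI"}

// resolveStage picks the IQ stage to evaluate policy against.
// explicit is the value the user passed (empty when none was passed) and
// always wins, since CI systems are also used for CD. lookup abstracts
// os.LookupEnv so the decision can be tested without touching the real
// environment. The returned reason is meant to be logged, because the stage
// decides which policy actions apply to the scan.
func resolveStage(explicit string, lookup func(string) (string, bool)) (stage, reason string) {
	if explicit != "" {
		return explicit, "explicit value"
	}
	for _, name := range ciEnvVars {
		// Assumption: an empty, "false" or "0" value does not count as CI.
		if v, ok := lookup(name); ok && v != "" && v != "false" && v != "0" {
			return "build", "detected " + name
		}
	}
	return "develop", "no CI detected"
}

func main() {
	stage, reason := resolveStage("", os.LookupEnv)
	fmt.Printf("stage=%s (%s)\n", stage, reason)
}
```
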
So this might answer some of my other questions on why you did it the way you did....you are forcing the users to only use the `|` option by doing this. Personally I feel like making the api consistent so that if I'm using OSS or IQ server it should work the same. Whether by pipe or passing in the file to be scanned. Really defining IQ is just saying I want you to use a different underlying audit infrastructure. Nancy is just a facilitator and shouldn't behave differently b/c of that switch out.
Yeah, I want to make it work for `dep` but not parsing `go.sum` (since `go list -m all` is the preferred way to do this, more authoritative)
That's cool. I'm going to open an issue to remove support for `go.sum` if we want to move away. No sense in supporting both.
#69