-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GradleOSV Scanner #563
GradleOSV Scanner #563
Conversation
maitrayshah-cb
commented
Mar 3, 2022
•
edited
Loading
edited
- Adding support for Gradle CVE Scanning.
- Handling various version strings.
- Adding SARIF support.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the quick progress on this! Overall looks great, left a few requests.
Review Error for joshua-ostrom @ 2022-03-15 14:28:56 UTC |
return report_success if results.empty? | ||
|
||
report_failure | ||
log(JSON.pretty_generate(results)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you intended to retain this loggin?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes that's the one printing to console with the results
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should really wrap these, but that can be a salus-wide change for another day
scanner = Salus::Scanners::OSV::GradleOSV.new(repository: repo, config: {}) | ||
stub_req_with_valid_response | ||
scanner.run | ||
report = Salus::Report.new(project_name: "Neon Genesis") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TIL Neon Genesis