Enable resolving vulnerable dependencies fixes from an Artifactory server for Golang projects #639

Merged

@eranturgeman eranturgeman commented Feb 13, 2024

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

This pull request implements an enhancement that enables the utilization of a custom remote registry for Golang projects during scan-and-fix. Previously, we were able to resolve dependencies using an Artifactory server as the remote registry only during the scan phase. With this update, we can now also leverage it directly during the fix process itself.
Depends on: jfrog/jfrog-cli-core#1128

@eranturgeman eranturgeman added the new feature Automatically generated release notes label Feb 13, 2024
…n-from-artifactory-golang

# Conflicts:
#	go.mod
#	go.sum
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 14, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 14, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 14, 2024

@attiasas attiasas left a comment

LGTM
This is probably an improvement or a bug since we already supported it while running the audit using:
image

This PR now also makes sure when issues are found and can be fixed, we are also using the Artifactory dependency resolution with Golang

@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@eranturgeman eranturgeman added improvement Automatically generated release notes safe to test Approve running integration tests on a pull request and removed new feature Automatically generated release notes labels Feb 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@eranturgeman eranturgeman added the safe to test Approve running integration tests on a pull request label Feb 18, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Feb 18, 2024

👍 Frogbot scanned this pull request and found that it did not add vulnerable dependencies.


@eranturgeman eranturgeman changed the title Introducing Artifactory as a dependencies resolution registry during scan-and-fix for Golang projects Enable resolving vulnerable dependencies fixes from an Artifactory server for Golang projects Feb 18, 2024
@eranturgeman eranturgeman merged commit 9e5d77a into jfrog:dev Feb 18, 2024
30 checks passed