Enable resolving vulnerable dependencies fixes from an Artifactory server for Golang projects

go.mod

@@ -119,9 +119,9 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240213075115-4bf1fe83505d
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240213152915-98dca8655f69
 
-replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214091334-d8ecf2a2cf76
+replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20240214112556-c776e4dc5fc7
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev
 

go.sum

@@ -700,6 +700,10 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
 github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240213152915-98dca8655f69 h1:K28ICJSJT6b2m5jZ8kubqSzRnT5ZeXKFLvpBRw1rihY=
+github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240213152915-98dca8655f69/go.mod h1:+eraSKhahQf7tj09+g3rAA2Z+XPnZGfMc0y8uUDecZw=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240214112556-c776e4dc5fc7 h1:OrLu4Fx8+6IftkyPWB0DXnvS5Wfsvs/ZlpWTVXSy5io=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240214112556-c776e4dc5fc7/go.mod h1:G5yJW/lWnL12sdhy/LphoJLdi7mcKTKKNo+s5ZSLX9E=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
@@ -886,10 +890,6 @@ github.com/jfrog/gofrog v1.5.1 h1:2AXL8hHu1jJFMIoCqTp2OyRUfEqEp4nC7J8fwn6KtwE=
 github.com/jfrog/gofrog v1.5.1/go.mod h1:SZ1EPJUruxrVGndOzHd+LTiwWYKMlHqhKD+eu+v5Hqg=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240213075115-4bf1fe83505d h1:9efTE8NyZV6XtF9XoGq0g3XiEIYjCPdiHVEanxhhnlk=
-github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240213075115-4bf1fe83505d/go.mod h1:+eraSKhahQf7tj09+g3rAA2Z+XPnZGfMc0y8uUDecZw=
-github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214091334-d8ecf2a2cf76 h1:VK5FPJgi1OpWxTvUyAzqyO6a1NSX0sjvQ1K5zwgXGUY=
-github.com/jfrog/jfrog-cli-security v1.0.2-0.20240214091334-d8ecf2a2cf76/go.mod h1:39Y1SHOpaG8iNTEgBhRqaUBKHaiYrZ5Joa6OwPCFQ64=
 github.com/jfrog/jfrog-client-go v1.36.1 h1:22Ucy5XdEP1yHEjbN8zOt2dZys5rbwcwhC3l3pcOdf4=
 github.com/jfrog/jfrog-client-go v1.36.1/go.mod h1:y1WF6eiZ7V2DortiwjpMEicEH6NIJH+hOXI5QI2W3NU=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

packagehandlers/gopackagehandler.go

@@ -2,13 +2,20 @@ package packagehandlers
 
 import (
 	"github.com/jfrog/frogbot/v2/utils"
+	golangutils "github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/golang"
 )
 
 type GoPackageHandler struct {
 	CommonPackageHandler
 }
 
 func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error {
+	// Configure resolution from an Artifactory server if needed
+	if golang.depsRepo != "" {
+		if err := golangutils.SetArtifactoryAsResolutionServer(golang.serverDetails, golang.depsRepo); err != nil {
+			return err
+		}
+	}
 	// In Golang, we can address every dependency as a direct dependency.
 	return golang.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand())
 }