Merge 30e5cbb into 29e6b35

.travis.yml

@@ -2,18 +2,19 @@ language: go
 go:
   - 1.9
 
+go_import_path: github.com/nearform/gammaray
+
 before_install:
-  - curl -L -s https://github.com/golang/dep/releases/download/v0.3.1/dep-linux-amd64 -o $GOPATH/bin/dep
-  - chmod +x $GOPATH/bin/dep
-  - go get github.com/mattn/goveralls
+  - export PATH="$PATH:$GOPATH/bin"
+  - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
 
 install:
-  - make install
+  - make ci-install
+  - make build
 
 notifications:
   email: false
 
 script:
-  - go test -v -race ./...
-  - go vet ./...
+  - make test
   - $GOPATH/bin/goveralls -service=travis-ci

Gopkg.toml

@@ -32,3 +32,11 @@
 [[constraint]]
   name = "github.com/mholt/archiver"
   version = "2.0.0"
+
+[[constraint]]
+  name = "github.com/Masterminds/semver"
+  version = "1.4.2"
+
+[[constraint]]
+  name = "github.com/google/go-cmp"
+  version = "0.2.0"

Makefile

@@ -1,3 +1,28 @@
+all: install build
+
+formatter:
+	pigeon -o versionformatter/versionformatter.go versionformatter/versionformatter.peg
+
+build: formatter
+	go build -v -race
+
 install:
 	go get github.com/golang/dep
 	dep ensure
+
+dev-install: install
+	go get -u github.com/mgechev/revive
+	go get -u github.com/mna/pigeon
+
+ci-install: dev-install
+	go get -u github.com/mattn/goveralls
+
+test:
+	go test -v -race ./...
+	go vet ./...
+
+ci-test: test
+	goveralls
+
+lint:
+	revive -formatter stylish pathrunner/... vulnfetcher/...

README.md

@@ -1,42 +1,51 @@
 # Gamma Ray
-[![Go Report Card](https://goreportcard.com/badge/github.com/dgonzalez/gammaray)](https://goreportcard.com/report/github.com/dgonzalez/gammaray)
-![Travis](https://travis-ci.org/dgonzalez/gammaray.svg?branch=master)
-[![Coverage Status](https://coveralls.io/repos/github/dgonzalez/gammaray/badge.svg?branch=travis)](https://coveralls.io/github/dgonzalez/gammaray?branch=travis)
+[![Go Report Card](https://goreportcard.com/badge/github.com/nearform/gammaray)](https://goreportcard.com/report/github.com/nearform/gammaray)
+![Travis](https://travis-ci.org/nearform/gammaray.svg?branch=master)
+[![Coverage Status](https://coveralls.io/repos/github/nearform/gammaray/badge.svg?branch=master)](https://coveralls.io/github/nearform/gammaray?branch=master)
 
-Gamm Ray is a software that helps developers to look for vulnerabilities on their Node.js
+Gammaray is a software that helps developers to look for vulnerabilities on their Node.js
 applications. Its pluggable infrastructure makes very easy to write an integration with
 several vulnerabilities databases.
 
 ## Get It
 
 In order to get it just run:
 
-```
-go get github.com/dgonzalez/gammaray
+```console
+$> go get github.com/nearform/gammaray
 ```
 Once it is finished, you should have the `gammaray` binary in your `GOPATH/bin` folder.
 
 ## Build it
 
-We use `dep` to manage the dependencies for `gammaray`. In order to build it, run:
-
-```
-dep ensure
-go build
+```console
+$> make
 ```
 
 ## Usage
 
 Gammaray comes as a single binary so you only need to run it passing your project as argument:
 
-```
-gammaray <path-to-your-node-app>
+```console
+$> gammaray <path-to-your-node-app>
 ```
 
 And that is all, all the vulnerabilities that affect your packages will be displayed.
 
 ## Contributing
 
-Are you a developer and want to contribute? Please be my guest.
+### As a developer
+
+Clone the repository, then start hacking, PRs are welcome !
+
+```console
+$> mkdir -p $GOPATH/src/github.com/nearform/
+$> cd $GOPATH/src/github.com/nearform/
+$> git clone https://github.com/nearform/gammaray.git
+$> cd gammaray
+$> make dev-install
+```
+
+### As security provider
 
-Are you a security provider who wants to be integrated? Contact me [here](https://www.linkedin.com/in/david-gonzalez-microservices/)
+You want to be integrated? Contact me [here](https://www.linkedin.com/in/david-gonzalez-microservices/)

main.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/dgonzalez/gammaray/pathrunner"
-	"github.com/dgonzalez/gammaray/vulnfetcher/nodeswg"
-	"github.com/dgonzalez/gammaray/vulnfetcher/ossvulnfetcher"
+	"github.com/nearform/gammaray/pathrunner"
+	"github.com/nearform/gammaray/vulnfetcher/nodeswg"
+	"github.com/nearform/gammaray/vulnfetcher/ossvulnfetcher"
 )
 
 // OSSIndexURL URL for OSSIndex. Is not a hardcoded value to facilitate testing.
@@ -41,20 +41,21 @@ func main() {
 
 	for _, singlePackage := range packages {
 		vulnerabilitiesOSS, err := ossFetcher.Test(singlePackage.Name, singlePackage.Version)
-		//		vulnerabilitiesNodeSWG, err := nodeswgFetcher.Test()
+		// vulnerabilitiesNodeSWG, err := nodeswgFetcher.Test(singlePackage.Name, singlePackage.Version)
 		if err != nil {
 			fmt.Println(err.Error())
 			os.Exit(1)
 		}
 
 		if len(vulnerabilitiesOSS) > 0 {
-			fmt.Printf("\tPackage: %s\n", singlePackage.Name)
+			fmt.Printf("\tPackage: %s (%s)\n", singlePackage.Name, singlePackage.Version)
 			for _, vulnerability := range vulnerabilitiesOSS {
 				fmt.Printf("\t\t- Vulnerability (OSS Index):\n")
-				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tMore Info: [%s]\n",
+				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
 					vulnerability.CVE,
 					vulnerability.Title,
 					vulnerability.Versions,
+					vulnerability.Fixed,
 					vulnerability.References,
 				)
 			}
@@ -65,10 +66,11 @@ func main() {
 			fmt.Printf("\tPackage: %s\n", singlePackage.Name)
 			for _, vulnerability := range vulnerabilitiesNodeSWG {
 				fmt.Printf("\t\t- Vulnerability (Node Security Working Group):\n")
-				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tMore Info: [%s]\n",
+				fmt.Printf("\t\t\t- CVE: %s\n\t\tTitle: %s\n\t\tVersions: %s\n\t\tFixed: %s\n\t\tMore Info: [%s]\n",
 					vulnerability.CVE,
 					vulnerability.Title,
 					vulnerability.Versions,
+					vulnerability.Fixed,
 					vulnerability.References,
 				)
 			}