This repository has been archived by the owner on Nov 2, 2023. It is now read-only.
Send the list of dependencies #91
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Go programs compiled using the new Go modules support now have their list of dependencies and versions available at run time. Send them to Sqreen so that we can perform our dependency analysis.
Merged
Julio-Guerra
added a commit
that referenced
this pull request
Jan 24, 2020
Breaking Change - (#89) Go instrumentation: Sqreen's dynamic configuration of the protection your Go programs is made possible at run time thanks to Go instrumentation. It is a building block of the upcoming run time self-protection (aka RASP) and it is safely performed at compilation time by an instrumentation tool that seamlessly integrates with the Go toolchain. To begin, only a specific set of Go packages are instrumented: the agent and `database/sql` (to prepare the upcoming SQL injection protection). Please, find out how to install and use the tool on the new agent installation documentation available at https://docs.sqreen.com/go/installation/. New Features - (#90) The SDK now imports the agent package to no longer have to import it in the `main` package. The SDK is indeed mandatory when setting up Sqreen for Go, making it the best place to import the agent. - (#91) The program dependencies are now sent to Sqreen to perform dependency analysis (outdated, vulnerable, etc.). They are only available when the Go program you compile is a Go module. Sqreen's dashboard Dependency page will be made available soon. Fix - (#92) Vendoring using `go mod vendor` could lead to compilation errors due to missing files.
Julio-Guerra
added a commit
that referenced
this pull request
Jan 24, 2020
Breaking Change - (#89) Go instrumentation: Sqreen's dynamic configuration of the protection your Go programs is made possible at run time thanks to Go instrumentation. It is a building block of the upcoming run time self-protection (aka RASP) and it is safely performed at compilation time by an instrumentation tool that seamlessly integrates with the Go toolchain. To begin, only a specific set of Go packages are instrumented: the agent and `database/sql` (to prepare the upcoming SQL injection protection). Please, find out how to install and use the tool on the new agent installation documentation available at https://docs.sqreen.com/go/installation/. New Features - (#90) The SDK now imports the agent package to no longer have to import it in the `main` package. The SDK is indeed mandatory when setting up Sqreen for Go, making it the best place to import the agent. - (#91) The program dependencies are now sent to Sqreen to perform dependency analysis (outdated, vulnerable, etc.). They are only available when the Go program you compile is a Go module. Sqreen's dashboard Dependency page will be made available soon. Fix - (#92) Vendoring using `go mod vendor` could lead to compilation errors due to missing files.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Go programs compiled using the new Go modules support now have their list of dependencies and versions available at run time. Send them to Sqreen so that we can perform our dependency analysis.