Audit - Sarif output, show default location for license violation #1030

Merged: 5 commits, Nov 16, 2023

@attiasas attiasas commented Nov 14, 2023

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • All static analysis checks passed.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.

  • Improve Audit by allowing license violations to be specified with locations in SARIF format (default). This way, license violations can be uploaded to places that allow only results with a location (like GitHub). Prerequisite for Scan repository - show license violation on Github security issues frogbot#575.

  • Allow specifying allowedLicenses instead of watch to get license violations

  • Fix bug where summary field was not populated for violations in simple json

@attiasas attiasas added the improvement Automatically generated release notes label Nov 14, 2023
@attiasas attiasas marked this pull request as ready for review November 14, 2023 10:53
@attiasas attiasas requested a review from yahavi November 14, 2023 10:53
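
The location fallback described in the pull request summary above, as an added example that is not code from jfrog-cli-core: every license violation is emitted as a SARIF result with exactly one location, so consumers that reject location-less results accept it. The type names, the `DefaultLocationURI` placeholder value, the rule id scheme and the sample components are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// LicenseViolation is a constructed input type, not the jfrog-cli-core model.
type LicenseViolation struct {
	Component, LicenseKey, File string // File may be empty when no descriptor is known
}

// DefaultLocationURI is an assumed placeholder for violations with no known file.
const DefaultLocationURI = "Package-Descriptor"

type Location struct {
	PhysicalLocation struct {
		ArtifactLocation struct {
			URI string `json:"uri"`
		} `json:"artifactLocation"`
	} `json:"physicalLocation"`
}

type Result struct {
	RuleID    string            `json:"ruleId"`
	Message   map[string]string `json:"message"`
	Locations []Location        `json:"locations"`
}

// ToSarifResults gives every violation one location, using the default when none is known.
func ToSarifResults(violations []LicenseViolation) []Result {
	results := make([]Result, 0, len(violations))
	for _, v := range violations {
		var loc Location
		loc.PhysicalLocation.ArtifactLocation.URI = v.File
		if v.File == "" {
			loc.PhysicalLocation.ArtifactLocation.URI = DefaultLocationURI
		}
		text := fmt.Sprintf("%s uses disallowed license %s", v.Component, v.LicenseKey)
		results = append(results, Result{"license-violation/" + v.LicenseKey, map[string]string{"text": text}, []Location{loc}})
	}
	return results
}

func main() {
	// Constructed sample input: the second violation has no known file.
	in := []LicenseViolation{{"npm://example-lib:1.0.0", "GPL-3.0", "package.json"}, {"npm://other-lib:2.1.0", "AGPL-3.0", ""}}
	out, _ := json.Marshal(ToSarifResults(in)) // cannot fail for these types
	fmt.Printf(`{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"example-audit"}},"results":%s}]}`+"\n", out)
}
```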
xray/utils/resultwriter.go Outdated (resolved)

👍 Frogbot scanned this pull request and found that it did not add vulnerable dependencies.


@attiasas attiasas merged commit b0db3e2 into jfrog:dev Nov 16, 2023
8 checks passed
gailazar300 pushed a commit to gailazar300/jfrog-cli-core that referenced this pull request Nov 23, 2023