feat: supporting scanning go.mod #134

Merged
merged 3 commits into from
Oct 23, 2023

xieshenzh
Collaborator

Support scanning dependency vulnerabilities in go.mod.

@xieshenzh
Collaborator Author

@zvigrinberg @ilan-pinto please review this PR.
I disabled the CI validations for a few versions of IntelliJ, because the version of the go-plugin dependency is not compatible with these versions of IntelliJ.
After the alpha or preview release, we should not keep long term support of the plugin (i.e. supporting all the IntelliJ versions since 2021.1), because it is not common practice for IntelliJ plugins.

@sonarcloud

sonarcloud bot commented Oct 17, 2023

SonarCloud Quality Gate failed.

Bugs: 3 (rating C)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

Coverage: no coverage information
Duplication: 0.0%

Collaborator

@zvigrinberg zvigrinberg left a comment

Hi @xieshenzh
The technical and code part of the PR looks good and of course I'll approve it, but before that, please clarify something - is the go-plugin that you're relying on compatible with other/newer versions (not including IC community editions) of IntelliJ since 2021.1, excluding?

@xieshenzh
Collaborator Author

> Hi @xieshenzh
> The technical and code part of the PR looks good and of course I'll approve it, but before that, please clarify something - is the go-plugin that you're relying on compatible with other/newer versions (not including IC community editions) of IntelliJ since 2021.1, excluding?

Hi @zvigrinberg, this plugin also has the go-plugin dependency, and it is compatible with IntelliJ 2021.3+.

So the RHDA plugin should be compatible with IntelliJ 2021.1+.
But when building the plugin, the go-plugin dependency can only be built with IntelliJ 2021.1. That's why I had to disable some GitHub Actions.

I think we should make a nightly release once this PR is merged. With that, we could verify if the compatibility works as expected.

Collaborator

@zvigrinberg zvigrinberg left a comment

LGTM, approved.
@xieshenzh As discussed, first let's release it as a snapshot ("nightly channel").

@zvigrinberg zvigrinberg merged commit 6b8679b into redhat-developer:main Oct 23, 2023
8 of 9 checks passed