Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Audit - support scanning Conan v2 projects #182

Merged
merged 4 commits into from
Sep 26, 2024
Merged

Audit - support scanning Conan v2 projects #182

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
109c5a2
calling conan BuildDependencyTree
orto17 Sep 22, 2024
5b8e51a
Merge branch 'dev' into conan-support-jf-audit
orto17 Sep 22, 2024
381feeb
fixing integration tests
orto17 Sep 22, 2024
51ca894
Merge branch 'dev' into conan-support-jf-audit
orto17 Sep 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions audit_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,36 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string {
return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
}

func TestXrayAuditConanJson(t *testing.T) {
output := testAuditConan(t, string(format.Json), true)
securityTestUtils.VerifyJsonScanResults(t, output, 0, 8, 2)
}

func TestXrayAuditConanSimpleJson(t *testing.T) {
output := testAuditConan(t, string(format.SimpleJson), true)
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 2)
}

func testAuditConan(t *testing.T, format string, withVuln bool) string {
securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
defer createTempDirCallback()
conanProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "conan")
// Copy the conan project from the testdata to a temp dir
assert.NoError(t, biutils.CopyDir(conanProjectPath, tempDirPath, true, nil))
prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
defer clientTests.ChangeDirAndAssert(t, prevWd)
// Run conan install before executing jfrog audit
assert.NoError(t, exec.Command("conan").Run())
watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
defer deleteWatch()
args := []string{"audit", "--licenses", "--format=" + format, "--watches=" + watchName, "--fail=false"}
if withVuln {
args = append(args, "--vuln")
}
return securityTests.PlatformCli.RunCliCmdWithOutput(t, args...)
}

func TestXrayAuditPnpmJson(t *testing.T) {
output := testXrayAuditPnpm(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
Expand Down
3 changes: 3 additions & 0 deletions commands/audit/scarunner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"github.com/jfrog/build-info-go/utils/pythonutils"
"github.com/jfrog/jfrog-cli-security/commands/audit/sca/conan"
"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
"golang.org/x/exp/slices"

Expand Down Expand Up @@ -247,6 +248,8 @@ func GetTechDependencyTree(params xrayutils.AuditParams, artifactoryServerDetail
depTreeResult.FullDepTrees, uniqueDeps, err = npm.BuildDependencyTree(params)
case techutils.Pnpm:
depTreeResult.FullDepTrees, uniqueDeps, err = pnpm.BuildDependencyTree(params)
case techutils.Conan:
depTreeResult.FullDepTrees, uniqueDeps, err = conan.BuildDependencyTree(params)
case techutils.Yarn:
depTreeResult.FullDepTrees, uniqueDeps, err = yarn.BuildDependencyTree(params)
case techutils.Go:
Expand Down
Loading