diff --git a/docs/docs/coverage/language/golang.md b/docs/docs/coverage/language/golang.md index 11fd313f2f95..7f6020f0a245 100644 --- a/docs/docs/coverage/language/golang.md +++ b/docs/docs/coverage/language/golang.md @@ -81,6 +81,7 @@ There are times when Go uses the `(devel)` version for modules/dependencies and In other cases, Go uses the `(devel)` version[^3]. - Dependencies replaced with local ones use the `(devel)` versions. +In these cases, the version of such packages is empty. [^1]: It doesn't require the Internet access. [^2]: Need to download modules to local cache beforehand diff --git a/pkg/dependency/parser/golang/binary/parse.go b/pkg/dependency/parser/golang/binary/parse.go index 2b1d2fce850e..0b1dafa8a8cc 100644 --- a/pkg/dependency/parser/golang/binary/parse.go +++ b/pkg/dependency/parser/golang/binary/parse.go @@ -5,6 +5,7 @@ import ( "sort" "strings" + "github.com/samber/lo" "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/dependency/types" @@ -56,7 +57,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, // Only binaries installed with `go install` contain semver version of the main module. // Other binaries use the `(devel)` version. // See https://github.com/aquasecurity/trivy/issues/1837#issuecomment-1832523477. - Version: info.Main.Version, + Version: lo.Ternary(info.Main.Version != "(devel)", info.Main.Version, ""), // Use empty string instead of `(devel)` }, }...) @@ -75,7 +76,7 @@ func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, libs = append(libs, types.Library{ Name: mod.Path, - Version: mod.Version, + Version: lo.Ternary(mod.Version != "(devel)", mod.Version, ""), // Use empty string instead of `(devel)`, }) } diff --git a/pkg/dependency/parser/golang/binary/parse_test.go b/pkg/dependency/parser/golang/binary/parse_test.go index c3db6d19e7e0..bd1430525244 100644 --- a/pkg/dependency/parser/golang/binary/parse_test.go +++ b/pkg/dependency/parser/golang/binary/parse_test.go @@ -32,7 +32,7 @@ func TestParse(t *testing.T) { }, { Name: "github.com/aquasecurity/test", - Version: "(devel)", + Version: "", }, { Name: "golang.org/x/xerrors", @@ -58,7 +58,7 @@ func TestParse(t *testing.T) { }, { Name: "github.com/aquasecurity/test", - Version: "(devel)", + Version: "", }, { Name: "golang.org/x/xerrors", @@ -84,7 +84,7 @@ func TestParse(t *testing.T) { }, { Name: "github.com/aquasecurity/test", - Version: "(devel)", + Version: "", }, { Name: "golang.org/x/xerrors", @@ -106,7 +106,7 @@ func TestParse(t *testing.T) { }, { Name: "github.com/ebati/trivy-mod-parse", - Version: "(devel)", + Version: "", }, { Name: "github.com/go-sql-driver/mysql", diff --git a/pkg/fanal/analyzer/language/golang/binary/binary_test.go b/pkg/fanal/analyzer/language/golang/binary/binary_test.go index d5e3fc9c343e..28a391da96d9 100644 --- a/pkg/fanal/analyzer/language/golang/binary/binary_test.go +++ b/pkg/fanal/analyzer/language/golang/binary/binary_test.go @@ -39,7 +39,7 @@ func Test_gobinaryLibraryAnalyzer_Analyze(t *testing.T) { }, { Name: "github.com/aquasecurity/test", - Version: "(devel)", + Version: "", }, { Name: "golang.org/x/xerrors", diff --git a/pkg/purl/purl_test.go b/pkg/purl/purl_test.go index 79b2647cff4d..d22e010d8b22 100644 --- a/pkg/purl/purl_test.go +++ b/pkg/purl/purl_test.go @@ -164,7 +164,7 @@ func TestNewPackageURL(t *testing.T) { typ: ftypes.GoModule, pkg: ftypes.Package{ Name: "./private_repos/cnrm.googlesource.com/cnrm/", - Version: "(devel)", + Version: "", }, want: nil, }, diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index de723236a66a..d71c3c9ed074 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -246,7 +246,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { // dependency has been replaced with local directory { Name: "./api", - Version: "(devel)", + Version: "", }, }, }, @@ -423,7 +423,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { BOMRef: "3ff14136-e09f-4df9-80ea-000000000013", Type: cdx.ComponentTypeLibrary, Name: "./api", - Version: "(devel)", + Version: "", Properties: &[]cdx.Property{ { Name: "aquasecurity:trivy:PkgType", diff --git a/pkg/sbom/spdx/marshal_test.go b/pkg/sbom/spdx/marshal_test.go index c7757de8ca81..c4f2f7694d62 100644 --- a/pkg/sbom/spdx/marshal_test.go +++ b/pkg/sbom/spdx/marshal_test.go @@ -1056,7 +1056,7 @@ func TestMarshaler_Marshal(t *testing.T) { Packages: []ftypes.Package{ { Name: "./private_repos/cnrm.googlesource.com/cnrm/", - Version: "(devel)", + Version: "", }, { Name: "golang.org/x/crypto", @@ -1105,10 +1105,9 @@ func TestMarshaler_Marshal(t *testing.T) { }, }, { - PackageSPDXIdentifier: spdx.ElementID("Package-9a16e221e11f8a90"), + PackageSPDXIdentifier: spdx.ElementID("Package-b1c3b9e2363f5ff7"), PackageDownloadLocation: "NONE", PackageName: "./private_repos/cnrm.googlesource.com/cnrm/", - PackageVersion: "(devel)", PackageLicenseConcluded: "NONE", PackageLicenseDeclared: "NONE", PrimaryPackagePurpose: tspdx.PackagePurposeLibrary, @@ -1152,7 +1151,7 @@ func TestMarshaler_Marshal(t *testing.T) { Relationships: []*spdx.Relationship{ { RefA: spdx.DocElementID{ElementRefID: "Application-aab0f4e8cf174c67"}, - RefB: spdx.DocElementID{ElementRefID: "Package-9a16e221e11f8a90"}, + RefB: spdx.DocElementID{ElementRefID: "Package-b1c3b9e2363f5ff7"}, Relationship: "CONTAINS", }, {