Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(java): add support for sbt projects using sbt-dependency-lock #6882

Merged
merged 15 commits into from
Jun 19, 2024

Conversation

stringbean
Copy link
Contributor

@stringbean stringbean commented Jun 7, 2024

Description

Adds support for sbt projects using sbt-dependency-lock. This will allow scanning of Scala projects using sbt with lockfiles generated by sbt-dependency-lock.

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks awesome! Thanks for your contribution!
I have a question. Is there any way to determine if a dependency is directly used by the project or transitively installed?

@stringbean
Copy link
Contributor Author

Looks awesome! Thanks for your contribution! I have a question. Is there any way to determine if a dependency is directly used by the project or transitively installed?

Not at the moment. I can look at adding that to the next major version of sbt-dependency-lock.

Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
@DmitriyLewen Can you please take a look?

pkg/fanal/analyzer/language/java/sbt/lockfile.go Outdated Show resolved Hide resolved
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @stringbean
Thanks for your work!

Left a few comments.
Take a look, please.

Regards, Dmitriy

pkg/dependency/parser/sbt/lockfile/parse.go Show resolved Hide resolved
pkg/dependency/parser/sbt/lockfile/parse.go Outdated Show resolved Hide resolved
pkg/fanal/analyzer/language/java/sbt/lockfile.go Outdated Show resolved Hide resolved
pkg/fanal/analyzer/language/java/sbt/lockfile.go Outdated Show resolved Hide resolved
pkg/fanal/analyzer/language/java/sbt/lockfile.go Outdated Show resolved Hide resolved
pkg/fanal/analyzer/language/java/sbt/lockfile_test.go Outdated Show resolved Hide resolved
pkg/dependency/parser/sbt/lockfile/parse.go Outdated Show resolved Hide resolved
@stringbean stringbean force-pushed the sbt-dependency-lock branch from 55436a2 to 10cfe1b Compare June 18, 2024 08:38
Signed-off-by: knqyf263 <[email protected]>
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
@stringbean left a couple of comments.

pkg/fanal/analyzer/language/java/sbt/lockfile.go Outdated Show resolved Hide resolved
pkg/dependency/parser/sbt/lockfile/parse.go Outdated Show resolved Hide resolved
@knqyf263 knqyf263 force-pushed the sbt-dependency-lock branch from 1b0dc15 to 3b43605 Compare June 19, 2024 08:25
@knqyf263 knqyf263 added this pull request to the merge queue Jun 19, 2024
Merged via the queue into aquasecurity:main with commit f18d035 Jun 19, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feat(scala): support sbt-dependency-lock
3 participants