Versions Compared

Old Version 42

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version 43

changes.mady.by.user Tsur Rothfeld

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Table of Contents

Configuration

For information on configuration parameters, refer to Configuration File & Parameters.

Examples

Go Modules Example

As a user, I want to scan a Go project using Go 1.11 or above without the need for any package manager, while still being able to obtain all relevant dependencies used in my project. The project contains a 'go.mod' or 'modules.txt' file as well as a 'vendor' folder. The following are the relevant 'Go' configuration settings: 

...

As user, I want to scan a Go project with the 'godep' package manager in order to obtain all relevant dependencies. The project already contains a 'Gopkg.lock' file. The following are the relevant 'Go' configuration settings: 

Code Block
go.resolveDependencies=true   
go.collectDependenciesAtRuntime=false
go.dependencyManager=godep

Glide Example

As a user, I want to scan a Go project with the 'glide' package manager in order to obtain all relevant dependencies. The project does not contain a 'Gopkg.lock' file, and the user would also like to scan test packages defined in the 'glide.yaml' file. The  The following are the relevant 'Go' configuration settings: 

Code Block
go.resolveDependencies=true   
go.dependencyManager=glide
go.glide.ignoreTestPackages=false

...

When the following conditions (in the bulleted list) are true, the Unified Agent will perform the following procedures below:

  • go.collectDependenciesAtRuntime=true

  • the dependency file is available

  • the 'vendor' folder is missing

  1. For VNDR and Dep, the Unified Agent will rename the existing dependency file to <dependency_file>-<YYYY.MM.DD>T<HHmmss>+<UTC offset>.<extension> and run the pre-step command. For example, here is how the renamed file will look: "Gopkg-2019.06.04T150505+0200.lock".

  2. For Godep,

     the

     the Unified Agent will rename the

    existing Godeps

    existing Godeps folder name to Godeps-<YYYY.MM.DD>T<HHmmss>+<UTC offset> and run the pre-step command. For example, here is how the renamed folder will look: "Godeps-2019.06.04T150505+0200".

  3. For all three noted package managers, the Unified Agent will create a 'vendor' folder containing relevant dependencies/files. It will also generate a new dependency file.

For Glide Package Manager: Enabling the go.collectDependenciesAtRuntime Parameter

...

The go.collectDependenciesAtRuntime parameter can be set to true assuming you previously ran the 'govendor fetch' command on the relevant project (in order to download the relevant dependencies).
If you did not run 'govendor fetch' prior to enabling the go.collectDependenciesAtRuntime parameter, the Unified Agent will return direct and transitive dependencies as a flat structure.

...

The Unified Agent provides support for a hierarchy tree for the following packages: glide, gopm, godep, dep, govendor, vndr and modules (Go Modules).
For the other package managers (gogradle,vgo), the Unified Agent will show both direct and transitive dependencies as a flat structure.

In general - for all package managers, both direct and transitive dependencies are retrieved as part of a scan. 
In order to support retrieval of a project's full hierarchy tree, one of the following requirements needs to be valid:

  • The dependency file and 'vendor' folder are available in the project

  • The go.collectDependenciesAtRuntime configuration parameter is set to 'true' and the relevant dependency manager is installed (except for Go Modules which doesn't require a dependency manager).