| Table of Contents |
|---|
Overview
This page describes the Unified Agent’s integration with Go.
Configuration
For information on configuration parameters, refer to Configuration File & Parameters.
Examples
Go Modules Example
As a user, I want to scan a Go project using Go 1.11 or above without the need for any package manager, while still being able to obtain all relevant dependencies used in my project. The project contains a 'go.mod' or 'modules.txt' file as well as a 'vendor' folder. The following are the relevant 'Go' configuration settings:
...
As user, I want to scan a Go project with the 'godep' package manager in order to obtain all relevant dependencies. The project already contains a 'Gopkg.lock' file. The following are the relevant 'Go' configuration settings:
| Code Block |
|---|
go.resolveDependencies=true go.collectDependenciesAtRuntime=false go.dependencyManager=godep |
Glide Example
As a user, I want to scan a Go project with the 'glide' package manager in order to obtain all relevant dependencies. The project does not contain a 'Gopkg.lock' file, and the user would also like to scan test packages defined in the 'glide.yaml' file. The following are the relevant 'Go' configuration settings:
| Code Block |
|---|
go.resolveDependencies=true go.dependencyManager=glide go.glide.ignoreTestPackages=false |
...
The go.collectDependenciesAtRuntime parameter can be set to true assuming you previously ran the 'govendor fetch' command on the relevant project (in order to download the relevant dependencies).
If you did not run 'govendor fetch' prior to enabling the go.collectDependenciesAtRuntime parameter, the Unified Agent will return direct and transitive dependencies as a flat structure.
Go Modules
The Modules are controlled by a separate set of parameters than Go. Two separate settings are supported: parameters for controlling the Modules resolution, and the existing Go parameters for controlling Modules and the other Go package managers. The Modules resolver detects only the actively-used dependencies. For a list of parameters, refer to the Unified Agent Configuration Parameters.
Known Limitations
The Unified Agent provides support for a hierarchy tree for the following packages: glide, gopm, godep, dep, govendor, vndr and modules (Go Modules).
For the other package managers (gogradle,vgo), the Unified Agent will show both direct and transitive dependencies as a flat structure.
In general - for all package managers, both direct and transitive dependencies are retrieved as part of a scan.
In order to support retrieval of a project's full hierarchy tree, one of the following requirements needs to be valid:
The dependency file and 'vendor' folder are available in the project
The go.collectDependenciesAtRuntime configuration parameter is set to 'true' and the relevant dependency manager is installed (except for Go Modules which doesn't require a dependency manager).