Class GolangModAnalyzer
java.lang.Object
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
org.owasp.dependencycheck.analyzer.GolangModAnalyzer
- All Implemented Interfaces:
FileFilter, Analyzer, FileTypeAnalyzer
Go mod dependency analyzer.
- Author:
- Matthijs van den Bos
Method Summary
- protected void analyzeDependency(Dependency dependency, Engine engine): Analyzes go packages and adds evidence to the dependency.
- getAnalysisPhase(): Indicates that this analyzer is used for information collection.
- protected String getAnalyzerEnabledSettingKey(): Returns the key name for the analyzer's enabled setting.
- protected FileFilter getFileFilter(): Returns the FileFilter.
- getName(): Returns the name of the Golang Mod Analyzer.
- protected void prepareFileTypeAnalyzer(Engine engine): Initialize the go mod analyzer; ensures that go is installed and can be called.
Methods inherited from class AbstractFileTypeAnalyzer
accept, getFilesMatched, newHashSet, prepareAnalyzer, setFilesMatched
Methods inherited from class AbstractAnalyzer
analyze, close, closeAnalyzer, getSettings, initialize, isEnabled, prepare, setEnabled, supportsParallelProcessing
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface Analyzer
analyze, close, initialize, isEnabled, prepare, supportsParallelProcessing
Field Details
DEPENDENCY_ECOSYSTEM
A descriptor for the type of dependencies processed or added by this analyzer.
GO_MOD
Lock file name. Note that go.sum is NOT considered a lock file: it may contain dependencies that are no longer used as well as dependencies of dependencies. According to the Go wiki, go.mod should be used for reproducible builds: https://github.com/golang/go/wiki/Modules#is-gosum-a-lock-file-why-does-gosum-include-information-for-module-versions-i-am-no-longer-using
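Why GO_MOD points at go.mod rather than go.sum, as an added example that is not dependency-check code: this Go sketch compares a constructed go.mod with a constructed go.sum and returns the module versions recorded only in go.sum, which a scanner reading go.sum would report even though the build does not require them. The module paths, versions and hashes are made up, and the helper names `required` and `sumOnly` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed samples: module paths, versions and hashes are made up.
const goMod = `module example.com/app
require (
	example.com/lib/a v1.4.0
)
require example.com/lib/c v1.0.0 // indirect`
const goSum = `example.com/lib/a v1.3.0/go.mod h1:AAAA=
example.com/lib/a v1.4.0 h1:BBBB=
example.com/lib/c v1.0.0/go.mod h1:CCCC=
example.com/lib/old v0.1.0 h1:DDDD=
example.com/lib/old v0.1.0/go.mod h1:EEEE=`

// required returns the "path version" pairs named by go.mod require directives.
func required(mod string) map[string]bool {
	req, inBlock := map[string]bool{}, false
	for _, line := range strings.Split(mod, "\n") {
		f := strings.Fields(strings.Split(line, "//")[0]) // drop comments
		switch {
		case len(f) > 0 && (f[len(f)-1] == "(" || f[0] == ")"): // block opens or closes
			inBlock = f[0] == "require" // true only inside a "require (" block
		case inBlock && len(f) == 2:
			req[f[0]+" "+f[1]] = true
		case len(f) == 3 && f[0] == "require": // one-line require directive
			req[f[1]+" "+f[2]] = true
		}
	}
	return req
}

// sumOnly lists module versions recorded in go.sum that go.mod does not require.
func sumOnly(mod, sum string) []string {
	seen, out := required(mod), []string{}
	for _, line := range strings.Split(sum, "\n") {
		if f := strings.Fields(line); len(f) == 3 {
			// go.sum has "<path> <version> <hash>" and "<path> <version>/go.mod <hash>" lines.
			if key := f[0] + " " + strings.TrimSuffix(f[1], "/go.mod"); !seen[key] {
				seen[key], out = true, append(out, key)
			}
		}
	}
	return out
}

func main() { fmt.Println(sumOnly(goMod, goSum)) }
```

The two entries it returns are a superseded version of a module that is still required and a module that is no longer required at all.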
Constructor Details
GolangModAnalyzer
public GolangModAnalyzer()
Method Details
getName
Returns the name of the Golang Mod Analyzer.
- Returns:
- the name of the analyzer

getAnalysisPhase
Indicates that this analyzer is used for information collection.
- Returns:
- INFORMATION_COLLECTION

getAnalyzerEnabledSettingKey
Returns the key name for the analyzer's enabled setting.
- Specified by:
- getAnalyzerEnabledSettingKey in class AbstractAnalyzer
- Returns:
- the key name for the analyzer's enabled setting

getFileFilter
Returns the FileFilter.
- Specified by:
- getFileFilter in class AbstractFileTypeAnalyzer
- Returns:
- the FileFilter

prepareFileTypeAnalyzer
Initialize the go mod analyzer; ensures that go is installed and can be called.
- Specified by:
- prepareFileTypeAnalyzer in class AbstractFileTypeAnalyzer
- Parameters:
- engine - a reference to the dependency-check engine
- Throws:
- InitializationException - never thrown

analyzeDependency
Analyzes go packages and adds evidence to the dependency.
- Specified by:
- analyzeDependency in class AbstractAnalyzer
- Parameters:
- dependency - the dependency being analyzed
- engine - the engine being used to perform the scan
- Throws:
- AnalysisException - thrown if there is an unrecoverable error analyzing the dependency