woodpecker

README

go-woodpecker (WIP)

Give developers the last-mile help in fixing vulnerabilities

prerequisites

• Maven v3.1.0+ (required by Maven Dependency-Check Plugin)

commands

woodpecker -h
woodpecker tree # shows depedency tree with vulnerabilities
woodpecker kill cve_id # updates the dependency until the cve_id is fixed. does NOT work with multi-module projects

Maven projects (TODO)

Basically it simply does the following: (note that it use go-git instead of the usual git client)

• mvn versions:use-next-releases
• mvn verify
• git branch -b auto-update-deps
• git add **pom.xml
• git commit -m "auto update dependencies"
• git push --set-upstream=auto-update-deps
• create pull request

Caveats

[ ] multi-modules project

[ ] dependency suite (dependencies share the same version)

License

MIT

Documentation

Index

• type DigOpts
• type KillOpts
• type Opts
• type TreeOpts
• type Woodpecker
  • func (w Woodpecker) Dig(args []string, opts DigOpts) error
  • func (w Woodpecker) Kill(args []string, opts KillOpts) error
  • func (wp Woodpecker) Tree(opts TreeOpts) (api.DependencyTree, error)

Types

type DigOpts

type DigOpts struct {
	KillOpts
}

type KillOpts

type KillOpts struct {
	Opts
	SendPR bool
}

type Opts

type Opts struct {
	Verbose          bool
	BranchNamePrefix string
}

type TreeOpts

type TreeOpts struct {
	Opts
}

type Woodpecker

type Woodpecker struct {
	GitClient spi.GitClient
	GitServer spi.GitServer
	DepMgr    api.DependencyManager
	OSSIndex  spi.OSSIndex
}

func (Woodpecker) Dig

func (w Woodpecker) Dig(args []string, opts DigOpts) error

func (Woodpecker) Kill

func (w Woodpecker) Kill(args []string, opts KillOpts) error

func (Woodpecker) Tree

func (wp Woodpecker) Tree(opts TreeOpts) (api.DependencyTree, error)