audits

package
v0.0.0-...-0390e60
Published: Dec 18, 2024 License: BSD-3-Clause Imports: 15 Imported by: 0

Documentation

Overview

Package audits checks for audit issues and automatically files bugs.

Functions

func NewNpmProjectAudit

func NewNpmProjectAudit(ctx context.Context, projectName, repoURL, gitBranch, packageFilesDir, workDir string, httpClient *http.Client, dbClient types.NpmDB, issueTrackerConfig *config.IssueTrackerConfig, auditDevDependencies bool) (types.ProjectAudit, error)

NewNpmProjectAudit periodically downloads package.json/package-lock.json from Gitiles and runs an audit on them.

Types

type NpmProjectAudit

type NpmProjectAudit struct {
	// contains filtered or unexported fields
}

NpmProjectAudit implements the types.ProjectAudit interface.

func (*NpmProjectAudit) StartAudit

func (a *NpmProjectAudit) StartAudit(ctx context.Context, pollInterval time.Duration)

StartAudit runs `npm audit` on the project's package.json/package-lock.json files. If there are any high severity issues reported then the following algorithm will be used:

* Check in the DB to see if an audit issue has been filed.
* If issue has not been filed:
  • File a new issue and add it to the DB.
* Else if issue has been filed:
  • Check to see if the issue has been closed.
  • If issue is closed:
    • Check to see if the issue is closed more than fileAuditIssueAfterThreshold duration ago.
    • If it is older then file a new issue and add it to the DB.
    • Else do nothing.
  • Else if issue is still open then do nothing.

StartAudit implements the types.ProjectAudit interface.
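
The filing decision documented above, written out as an added example; this is not the package's own code. The trackedIssue type, the shouldFileIssue function and the 7-day threshold are hypothetical stand-ins, since the page shows neither the types.NpmDB schema nor the value of fileAuditIssueAfterThreshold.

```go
package main

import (
	"fmt"
	"time"
)

// trackedIssue is a hypothetical stand-in for the DB record of a previously
// filed audit issue; the real types.NpmDB schema is not shown on this page.
type trackedIssue struct {
	Closed   bool
	ClosedAt time.Time // only meaningful when Closed is true
}

// shouldFileIssue applies the documented decision steps. prev is nil when the
// DB holds no filed issue for the project. threshold plays the role of
// fileAuditIssueAfterThreshold, whose real value is not given on this page.
func shouldFileIssue(highSeverity int, prev *trackedIssue, now time.Time, threshold time.Duration) (bool, string) {
	if highSeverity == 0 {
		return false, "no high severity findings"
	}
	if prev == nil {
		return true, "no issue filed yet"
	}
	if !prev.Closed {
		return false, "issue still open"
	}
	if now.Sub(prev.ClosedAt) > threshold {
		return true, "issue closed longer ago than threshold"
	}
	return false, "issue closed within threshold"
}

func main() {
	now := time.Date(2024, 12, 18, 0, 0, 0, 0, time.UTC) // constructed timestamp
	threshold := 7 * 24 * time.Hour                      // constructed value
	cases := []*trackedIssue{ // constructed DB states
		nil,
		{Closed: false},
		{Closed: true, ClosedAt: now.Add(-2 * 24 * time.Hour)},
		{Closed: true, ClosedAt: now.Add(-30 * 24 * time.Hour)},
	}
	for _, prev := range cases {
		file, why := shouldFileIssue(3, prev, now, threshold)
		fmt.Printf("file=%v (%s)\n", file, why)
	}
}
```

The third case is the one to watch operationally: a recently closed issue suppresses a new report for the whole threshold window even though `npm audit` still reports high severity findings.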
