chelsea 0.0.21 → 0.0.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Jenkinsfile +1 -1
- data/README.md +5 -44
- data/bin/chelsea +1 -0
- data/lib/chelsea/cli.rb +2 -1
- data/lib/chelsea/iq_client.rb +3 -2
- data/lib/chelsea/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2e8f55973cc277e40b428bd4024d57ee8faeb9497a9533c5325c4992f347e497
|
|
4
|
+
data.tar.gz: 4e131ffd1c73531aaa2e03ada3a7e0c580fae8ffc3c98c5e3db4bc91ee55f899
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 68126c4c9fa51ffb7e74402eb6649fe4bca546959d03c28e0c3a028fd36e6912d4ceabe87b6ad7688e2a68a200df05cecc188e4f512fca1b31f823b5ff20f977
|
|
7
|
+
data.tar.gz: 02e554ba6e20ecea0f5027abf8c72feefa272f1336e458997bbae14000fceacefc14f0237ac78c956328d573f27466455a926c57b351f718de8011d03b3bcab3
|
data/Jenkinsfile
CHANGED
|
@@ -32,7 +32,7 @@ dockerizedBuildPipeline(
|
|
|
32
32
|
sh '''
|
|
33
33
|
gem build chelsea.gemspec
|
|
34
34
|
gem install ./chelsea-*.gem
|
|
35
|
-
chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev
|
|
35
|
+
chelsea --file Gemfile.lock -b -a chelsea -iu $IQ_USERNAME -it $IQ_PASSWORD -i https://policy.ci.sonatype.dev --stage stage-release
|
|
36
36
|
'''
|
|
37
37
|
}
|
|
38
38
|
})
|
data/README.md
CHANGED
|
@@ -38,21 +38,10 @@ $ gem install chelsea
|
|
|
38
38
|
```
|
|
39
39
|
|
|
40
40
|
```
|
|
41
|
-
$ chelsea
|
|
42
|
-
|
|
43
|
-
/ __ \| | | |
|
|
44
|
-
| / \/| |__ ___ | | ___ ___ __ _
|
|
45
|
-
| | | '_ \ / _ \| |/ __| / _ \ / _` |
|
|
46
|
-
| \__/\| | | || __/| |\__ \| __/| (_| |
|
|
47
|
-
\____/|_| |_| \___||_||___/ \___| \__,_|
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
Version: 0.0.11
|
|
51
|
-
|
|
52
|
-
usage: chelsea [options] ...
|
|
53
|
-
|
|
54
|
-
Options:
|
|
41
|
+
$ chelsea --help
|
|
42
|
+
usage: /usr/local/bin/chelsea [options]
|
|
55
43
|
-f, --file Path to your Gemfile.lock
|
|
44
|
+
-x, --clear Clear OSS Index cache
|
|
56
45
|
-c, --config Set persistent config for OSS Index
|
|
57
46
|
-u, --user Specify OSS Index Username
|
|
58
47
|
-p, --token Specify OSS Index API Token
|
|
@@ -61,9 +50,10 @@ Options:
|
|
|
61
50
|
-iu, --iquser Specify the IQ username
|
|
62
51
|
-it, --iqpass Specify the IQ auth token
|
|
63
52
|
-w, --whitelist Set path to vulnerability whitelist file
|
|
64
|
-
-
|
|
53
|
+
-v, --verbose Make chelsea only output vulnerable third party dependencies for text output (default: true)
|
|
65
54
|
-t, --format Choose what type of format you want your report in (default: text) (options: text, json, xml)
|
|
66
55
|
-b, --iq Use Nexus IQ Server to audit your project
|
|
56
|
+
-s, --stage Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)
|
|
67
57
|
--version Print the version
|
|
68
58
|
-h, --help Show usage
|
|
69
59
|
```
|
|
@@ -96,35 +86,6 @@ Audit Results
|
|
|
96
86
|
|
|
97
87
|
Audit Results will show a list of your third party dependencies, their reverse dependencies (so what brought them in to your project), and if they are vulnerable or not.
|
|
98
88
|
|
|
99
|
-
### Quiet usage
|
|
100
|
-
|
|
101
|
-
Running with `--quiet` will only output any vulnerable dependencies found, similar to:
|
|
102
|
-
|
|
103
|
-
```
|
|
104
|
-
_____ _ _
|
|
105
|
-
/ __ \| | | |
|
|
106
|
-
| / \/| |__ ___ | | ___ ___ __ _
|
|
107
|
-
| | | '_ \ / _ \| |/ __| / _ \ / _` |
|
|
108
|
-
| \__/\| | | || __/| |\__ \| __/| (_| |
|
|
109
|
-
\____/|_| |_| \___||_||___/ \___| \__,_|
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
Version: 0.0.11
|
|
113
|
-
[15/31] - pkg:gem/rake@10.5.0 Vulnerable.
|
|
114
|
-
Required by: domain_name-0.5.20190701
|
|
115
|
-
Required by: equatable-0.6.1
|
|
116
|
-
Required by: pastel-0.7.3
|
|
117
|
-
Required by: public_suffix-4.0.3
|
|
118
|
-
Required by: rspec_junit_formatter-0.4.1
|
|
119
|
-
Required by: slop-4.8.1
|
|
120
|
-
Required by: slop-4.8.0
|
|
121
|
-
Required by: unf-0.1.4
|
|
122
|
-
Required by: unf_ext-0.0.7.7
|
|
123
|
-
Required by: unf_ext-0.0.7.6
|
|
124
|
-
```
|
|
125
|
-
|
|
126
|
-
This can be useful if you are only interested in seeing your vulnerable dependencies, and not the whole list.
|
|
127
|
-
|
|
128
89
|
### Usage with Formatters
|
|
129
90
|
|
|
130
91
|
Chelsea can be run with a number of different formatters:
|
data/bin/chelsea
CHANGED
|
@@ -34,6 +34,7 @@ opts =
|
|
|
34
34
|
o.bool '-v', '--verbose', 'Make chelsea only output vulnerable third party dependencies for text output (default: true)', default: false
|
|
35
35
|
o.string '-t', '--format', 'Choose what type of format you want your report in (default: text) (options: text, json, xml)', default: 'text'
|
|
36
36
|
o.bool '-b', '--iq', 'Use Nexus IQ Server to audit your project'
|
|
37
|
+
o.string '-s', '--stage', 'Specify Nexus IQ Stage (default: build) (options: develop, build, stage-release, release, operate)', default: 'build'
|
|
37
38
|
o.on '--version', 'Print the version' do
|
|
38
39
|
puts Chelsea::VERSION
|
|
39
40
|
exit
|
data/lib/chelsea/cli.rb
CHANGED
|
@@ -63,7 +63,8 @@ module Chelsea
|
|
|
63
63
|
public_application_id: @opts[:application],
|
|
64
64
|
server_url: @opts[:server],
|
|
65
65
|
username: @opts[:iquser],
|
|
66
|
-
auth_token: @opts[:iqpass]
|
|
66
|
+
auth_token: @opts[:iqpass],
|
|
67
|
+
stage: @opts[:stage]
|
|
67
68
|
}
|
|
68
69
|
)
|
|
69
70
|
bom = Chelsea::Bom.new(gems.deps.dependencies).collect
|
data/lib/chelsea/iq_client.rb
CHANGED
|
@@ -28,7 +28,8 @@ module Chelsea
|
|
|
28
28
|
server_url: 'http://localhost:8070',
|
|
29
29
|
username: 'admin',
|
|
30
30
|
auth_token: 'admin123',
|
|
31
|
-
internal_application_id: ''
|
|
31
|
+
internal_application_id: '',
|
|
32
|
+
stage: 'build'
|
|
32
33
|
}
|
|
33
34
|
def initialize(options: DEFAULT_OPTIONS)
|
|
34
35
|
@options = options
|
|
@@ -149,7 +150,7 @@ module Chelsea
|
|
|
149
150
|
end
|
|
150
151
|
|
|
151
152
|
def _api_url
|
|
152
|
-
"#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea"
|
|
153
|
+
"#{@options[:server_url]}/api/v2/scan/applications/#{@internal_application_id}/sources/chelsea?stageId=#{@options[:stage]}"
|
|
153
154
|
end
|
|
154
155
|
|
|
155
156
|
def _internal_application_id_api_url
|
data/lib/chelsea/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: chelsea
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.22
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Allister Beharry
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-10-
|
|
11
|
+
date: 2020-10-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tty-font
|