request to add Dep (Golang) support to Dependency Scanning
⚠️ Request by prospective customer; need to have more customers upvote 👍 or comment if this is desired
Problem to solve
Currently GitLab Dependency Scanning does not support Dep but does support Go Modules. Some customers don't use Go Modules.
Intended users
User experience goal
Proposal
Implement a lock file parser that extracts dependency names from Gopkg.lock, as well as dependency versions when available. See lock file parser for go.sum.
Further details
Dependencies listed in Gopkg.lock always have a revision (VCS-specific commit ID) but might not have a version. See version information.
Permissions and Security
N/A
Documentation
- To be documented as a supported package manager.
Availability & Testing
- Add a specific test project using Dep
- Add a QA job for this test project, in the CI configuration of gemnasium
What does success look like, and how can we measure that?
Dependency Scanning reports vulnerabilities for Go projects using Dep.
What is the type of buyer?
Is this a cross-stage feature?
No.
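
The parsing described under Proposal and Further details, as an added Go example that is not part of the original issue and is not gemnasium's code: it reads the [[projects]] tables of a Gopkg.lock, requires a name and a revision for each entry, and leaves the version empty when none was locked. The function name ParseGopkgLock, the Dependency type and the sample lock file contents are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

type Dependency struct{ Name, Revision, Version string } // Version is "" if none was locked

// sampleLock is a constructed Gopkg.lock; module names and revisions are made up.
const sampleLock = `[[projects]]
  name = "example.com/acme/tagged"
  packages = ["."]
  revision = "1111111111111111111111111111111111111111"
  version = "v1.2.0"

[[projects]]
  branch = "master"
  name = "example.com/acme/untagged"
  revision = "2222222222222222222222222222222222222222"

[solve-meta]
  analyzer-name = "dep"`

// ParseGopkgLock (hypothetical name) reads the flat keys of each [[projects]] table; not a general TOML parser.
func ParseGopkgLock(content string) ([]Dependency, error) {
	var deps []Dependency
	for _, block := range strings.Split(content, "[[projects]]")[1:] {
		f := map[string]string{}
		for _, line := range strings.Split(block, "\n") {
			line = strings.TrimSpace(line)
			if strings.HasPrefix(line, "[") { // next table, e.g. [solve-meta]
				break
			}
			if k, v, ok := strings.Cut(line, "="); ok {
				f[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"`)
			}
		}
		if f["name"] == "" || f["revision"] == "" { // every locked project must carry both
			return nil, fmt.Errorf("incomplete project entry: %v", f)
		}
		deps = append(deps, Dependency{f["name"], f["revision"], f["version"]})
	}
	return deps, nil
}

func main() {
	deps, err := ParseGopkgLock(sampleLock)
	fmt.Printf("%+v %v\n", deps, err)
}
```

A scanner consuming this output has to match advisories by revision for entries whose Version is empty, since a version range cannot be evaluated for them.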