Shared codebase for all 3 gemnasium analyzers
Summary
Make all 3 gemnasium analyzers share the same codebase. gemnasium-maven and gemnasium-python are implemented in gemnasium, and code is shared using git submodules. See https://gitlab.com/fcatteau/gemnasium-git-submodule for a PoC.
Update gemnasium to cover all types of projects, including Java and Python projects. The gemnasium CLI is able to handle all sorts of projects, including Java and Python projects. Supported package managers can be set at run-time, using environment variables.
The build remains specific to each project, and gemnasium-maven and gemnasium-python each have a distinct Dockerfile and a distinct CI configuration file.
Implementation plan
- update gemnasium to emulate other projects
  - copy relevant source code from gemnasium-maven
  - copy relevant source code from gemnasium-python
  - enable all builders, file parsers, and vrange plugins
  - enable or disable these at runtime, based on CLI flags, so that the CLI can behave like gemnasium, gemnasium-maven, or gemnasium-python
- update gemnasium-maven to use gemnasium as a git submodule
  - update Dockerfile to use git submodule, and set build arguments to behave like before
  - copy expected reports to gemnasium project, and update test projects accordingly
  - README update and project cleanup
- update gemnasium-python to use gemnasium as a git submodule
  - update Dockerfile to use git submodule, and set build arguments to behave like before
  - copy expected reports to gemnasium project, and update test projects accordingly
  - README update and project cleanup
User doc, developer doc, and CI template don't change.
Project build, CI config, and versioning don't change.
Improvements
- There's a single CLI that supports everything (if the runtime environment satisfies all the dependencies).
- It's easy to use a particular branch of gemnasium in the other projects.
Risks
None identified
Involved components
Optional: Intended side effects
Optional: Missing test coverage
None
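The runtime selection described in the Summary and Implementation plan (one CLI with every plugin compiled in, narrowed at run time so it behaves like gemnasium, gemnasium-maven, or gemnasium-python) is shown here as an added example; it is not code from the gemnasium projects. The `Plugin` type, the registry contents, the `EnabledPlugins` function, and the `ANALYZER_PACKAGE_MANAGERS` variable name are all assumptions, and the example assumes one plugin per package manager.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Plugin is a hypothetical stand-in for a builder or file parser compiled into the shared CLI.
type Plugin struct{ PackageManager, File string }

// registry is a constructed sample of compiled-in plugins, not the project's real list.
var registry = []Plugin{
	{"bundler", "Gemfile.lock"}, {"npm", "package-lock.json"},
	{"maven", "pom.xml"}, {"pip", "requirements.txt"},
}

// EnabledPlugins returns the plugins named in the comma-separated allowlist, in
// the order given. It fails closed: an empty, unknown, or repeated name is an
// error, so a typo cannot silently leave a project type unscanned.
func EnabledPlugins(allowlist string) ([]Plugin, error) {
	byName := map[string]Plugin{}
	for _, p := range registry {
		byName[p.PackageManager] = p
	}
	var enabled []Plugin
	for _, name := range strings.Split(allowlist, ",") {
		p, ok := byName[strings.TrimSpace(name)]
		if !ok {
			return nil, fmt.Errorf("unknown, empty, or repeated package manager %q", name)
		}
		delete(byName, p.PackageManager) // a second mention of the same name is rejected
		enabled = append(enabled, p)
	}
	return enabled, nil
}

func main() {
	// ANALYZER_PACKAGE_MANAGERS is a hypothetical variable name.
	enabled, err := EnabledPlugins(os.Getenv("ANALYZER_PACKAGE_MANAGERS"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Println(enabled)
}
```

With this shape, each project's Dockerfile would only need to set a different default for the variable to reproduce its previous behaviour.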