Merge branch 'use-scanner-instead-of-analyzer' into 'master'

Use scanner instead of analyzer for scan.scanner

See merge request !62

CHANGELOG.md

 # Secrets analyzer changelog
 
+## v3.6.0
+- Use scanner instead of analyzer in `scan.scanner` object (!62)
+
 ## v3.5.0
 - Bump gitleaks to v5.0.1 (!60)
 

analyze.go

@@ -9,7 +9,7 @@ import (
 	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/git"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/gitleaks"
-	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/scannerinfo"
+	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/metadata"
 )
 
 // analyze runs the tools and produces a report containing issues for each detected secret leak.
@@ -49,8 +49,8 @@ func analyze(c *cli.Context, path string) (*issue.Report, error) {
 	}
 	report := issue.NewReport()
 	report.Vulnerabilities = issues
-	report.Scan.Scanner = scannerinfo.ReportScanner
-	report.Scan.Type = scannerinfo.Type
+	report.Scan.Scanner = metadata.ReportScanner
+	report.Scan.Type = metadata.Type
 
 	return &report, nil
 }

gitleaks/gitleaks.go

@@ -14,7 +14,7 @@ import (
 
 	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/convert"
-	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/scannerinfo"
+	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/metadata"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/utils"
 
 	"github.com/urfave/cli"
@@ -210,8 +210,8 @@ func toIssues(path string, reportFile io.Reader, historic bool) ([]issue.Issue,
 
 		// append the issue.
 		issues = append(issues, issue.Issue{
-			Category:    scannerinfo.Type,
-			Scanner:     scannerinfo.IssueScanner,
+			Category:    metadata.Type,
+			Scanner:     metadata.IssueScanner,
 			Name:        name,
 			Message:     name,
 			Description: description,

go.mod

@@ -3,7 +3,6 @@ module gitlab.com/gitlab-org/security-products/analyzers/secrets/v2
 require (
 	bou.ke/monkey v1.0.1 // indirect
 	github.com/google/go-cmp v0.4.0
-	github.com/kr/pretty v0.1.0
 	github.com/mitchellh/copystructure v1.0.0
 	github.com/otiai10/copy v0.0.0-20180813032824-7e9a647135a1
 	github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95 // indirect

main.go

@@ -17,7 +17,7 @@ import (
 	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/logutil"
 	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/pathfilter"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/gitleaks"
-	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/scannerinfo"
+	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/metadata"
 	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/utils"
 )
 
@@ -27,12 +27,16 @@ const (
 	flagExcludedPaths = "excluded-paths"
 )
 
-func init() {
-	log.SetFormatter(&logutil.Formatter{Project: "secrets"})
-}
-
 func main() {
-	app := command.NewApp(scannerinfo.ReportScanner)
+	app := cli.NewApp()
+	app.Name = "analyzer"
+	app.Version = metadata.AnalyzerVersion
+	app.Author = metadata.AnalyzerVendor
+	app.Usage = metadata.AnalyzerUsage
+
+	log.SetFormatter(&logutil.Formatter{Project: metadata.AnalyzerName})
+	log.Info(metadata.AnalyzerUsage)
+
 	app.Commands = []cli.Command{runCommand()}
 
 	if err := app.Run(os.Args); err != nil {

metadata/metadata.go

+package metadata
+
+import (
+	"fmt"
+
+	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
+)
+
+const (
+	// AnalyzerVendor is the vendor/maintainer of the analyzer
+	AnalyzerVendor = "GitLab"
+
+	// AnalyzerName is the name of the analyzer
+	AnalyzerName = "secrets"
+	analyzerID   = AnalyzerName
+
+	scannerVendor = AnalyzerVendor
+	scannerURL    = "https://github.com/zricethezav/gitleaks"
+
+	// scannerID identifies the scanner that generated the report
+	scannerID = "gitleaks"
+
+	// scannerName identifies the scanner that generated the report
+	scannerName = "Gitleaks"
+
+	// Type returns the type of the scan
+	Type issue.Category = issue.CategorySecretDetection
+)
+
+var (
+	// AnalyzerVersion is the semantic version of the analyzer and must match the most recent version in CHANGELOG.md
+	AnalyzerVersion = "3.6.0"
+
+	// ScannerVersion is the semantic version of the scanner (gitleaks)
+	// TODO: ensure this version matches the one specified in the Dockerfile
+	//       see https://gitlab.com/gitlab-org/gitlab/-/issues/235059
+	ScannerVersion = "5.0.1"
+
+	// IssueScanner describes the scanner used to find a vulnerability
+	IssueScanner = issue.Scanner{
+		ID:   scannerID,
+		Name: scannerName,
+	}
+
+	// ReportScanner returns identifying information about a security scanner
+	ReportScanner = issue.ScannerDetails{
+		ID:      scannerID,
+		Name:    scannerName,
+		Version: ScannerVersion,
+		Vendor: issue.Vendor{
+			Name: scannerVendor,
+		},
+		URL: scannerURL,
+	}
+
+	// AnalyzerUsage provides a one line usage string for the analyzer
+	AnalyzerUsage = fmt.Sprintf("%s %s analyzer v%s", AnalyzerVendor, AnalyzerName, AnalyzerVersion)
+)

metadata/metadata_test.go

+package metadata_test
+
+import (
+	"reflect"
+	"testing"
+
+	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
+	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/metadata"
+)
+
+func TestReportScanner(t *testing.T) {
+	want := issue.ScannerDetails{
+		ID:      "gitleaks",
+		Name:    "Gitleaks",
+		Version: metadata.ScannerVersion,
+		Vendor: issue.Vendor{
+			Name: "GitLab",
+		},
+		URL: "https://github.com/zricethezav/gitleaks",
+	}
+	got := metadata.ReportScanner
+
+	if !reflect.DeepEqual(want, got) {
+		t.Errorf("Wrong result. Expected:\n%#v\nbut got:\n%#v", want, got)
+	}
+}

scannerinfo/scannerinfo.go

-package scannerinfo
-
-import (
-	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
-)
-
-const (
-	vendorName = "GitLab"
-
-	// ScannerID identifies the analyzer that generated the report
-	id = "gitleaks"
-
-	// Name identifies the analyzer that generated the report
-	name = "Gitleaks"
-
-	// Type returns the type of the scan
-	Type issue.Category = issue.CategorySecretDetection
-)
-
-var (
-	// Version is the semantic version of the analyzer and must match the most recent version in CHANGELOG.md
-	Version = "3.5.0"
-
-	// IssueScanner describes the scanner used to find a vulnerability
-	IssueScanner = issue.Scanner{
-		ID:   id,
-		Name: name,
-	}
-
-	scannerURL = "https://gitlab.com/gitlab-org/security-products/analyzers/secrets"
-
-	// ReportScanner returns identifying information about a security scanner
-	ReportScanner = issue.ScannerDetails{
-		ID:      id,
-		Name:    name,
-		Version: Version,
-		Vendor: issue.Vendor{
-			Name: vendorName,
-		},
-		URL: scannerURL,
-	}
-)

scannerinfo/scannerinfo_test.go

-package scannerinfo_test
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/kr/pretty"
-
-	"gitlab.com/gitlab-org/security-products/analyzers/common/v2/issue"
-	"gitlab.com/gitlab-org/security-products/analyzers/secrets/v2/scannerinfo"
-)
-
-func TestReportScanner(t *testing.T) {
-	t.Run("Test ReportScanner struct contents", func(t *testing.T) {
-		want := issue.ScannerDetails{
-			ID:      "gitleaks",
-			Name:    "Gitleaks",
-			Version: scannerinfo.Version,
-			Vendor: issue.Vendor{
-				Name: "GitLab",
-			},
-			URL: "https://gitlab.com/gitlab-org/security-products/analyzers/secrets",
-		}
-		got := scannerinfo.ReportScanner
-		pretty.Printf("\nXXXXXXXXXXXXXXXX\n scannerinfo.ReportScanner:\n %# v \nXXXXXXXXXXXXXXXX\n", scannerinfo.ReportScanner)
-
-		if !reflect.DeepEqual(want, got) {
-			t.Errorf("Wrong result. Expected:\n%#v\nbut got:\n%#v", want, got)
-		}
-	})
-}

test/expect/gl-secret-detection-report.json

@@ -379,11 +379,11 @@
     "scanner": {
       "id": "gitleaks",
       "name": "Gitleaks",
-      "url": "https://gitlab.com/gitlab-org/security-products/analyzers/secrets",
+      "url": "https://github.com/zricethezav/gitleaks",
       "vendor": {
         "name": "GitLab"
       },
-      "version": "3.5.0"
+      "version": "5.0.1"
     },
     "type": "secret_detection"
   }