The objective is to use the CRDA VS Code extension on the helm repo to check whether the package has any vulnerabilities.
References:
https://docs.google.com/document/d/1LQFi171z_r2LDyx7ZfGzm2K9GCQ39PQNy_7eMa-Qcpw/edit#
https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/blob/master/README.md
Prerequisites:
VS Code Version >= 1.50
Golang >= 1.13
Package ecosystems supported:
Golang (go.mod)
Python (requirements.txt)
npm (package.json)
mvn (pom.xml)
Acceptance Criteria:
- User should be able to install the CRDA VS Code extension (restart required)
- Selecting a dependency file (for example, go.mod) should run the dependency analytics tool in the background (status is shown in the status bar)
- User should be able to see highlighted vulnerabilities within the package
- User should also see a notification if there are vulnerabilities
- If there are no vulnerabilities, user should see a tick mark in the status bar
- User should be able to fix vulnerabilities manually or use quick fix (a feature of CRDA)
- Once fixed, reopen the go.mod file to trigger the analysis again and confirm the fix was successful
- User should be able to see a detailed analysis report by using the Detailed Vulnerability Report
- User should be able to see private vulnerabilities in the report using a Snyk token (https://app.snyk.io/login)
- is cloned by: APPSVC-799 SPIKE: Use of CRDA as VS Code extension for SBO repository (Closed)
- is related to: APPSVC-799 SPIKE: Use of CRDA as VS Code extension for SBO repository (Closed)