DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

add golang module analysis in SnykAnalysisTask #3716

Open fengliu012 opened 4 months ago

fengliu012 commented 4 months ago

Current Behavior

We use Snyk to analyze our components' vulnerabilities, and right now the Snyk analysis task only supports the packages below, without Golang modules:

PackageURL.StandardTypes.CARGO,
"cocoapods", // Not defined in StandardTypes
PackageURL.StandardTypes.COMPOSER,
PackageURL.StandardTypes.GEM,
PackageURL.StandardTypes.GENERIC,
PackageURL.StandardTypes.HEX,
PackageURL.StandardTypes.MAVEN,
PackageURL.StandardTypes.NPM,
PackageURL.StandardTypes.NUGET,
PackageURL.StandardTypes.PYPI,
"swift" // Not defined in StandardTypes

Proposed Behavior

It would be nice to support Golang module analysis in Snyk.

Checklist