I had to delete Gopkg* to get snyk to run. If we need these for something I'll add them back.
Before:
$ snyk test
Testing /home/jason/Documents/go/src/github.com/konveyor/mig-controller...
✗ Medium severity vulnerability found in github.com/prometheus/client_golang/prometheus/promhttp
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSCLIENTGOLANGPROMETHEUSPROMHTTP-2401819
Introduced through: github.com/prometheus/client_golang/prometheus/promhttp@1.11.0, sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091, sigs.k8s.io/controller-runtime@#096b2e07c091, sigs.k8s.io/controller-runtime/pkg/controller@#096b2e07c091, github.com/konveyor/openshift-velero-plugin/velero-plugins/imagecopy@#876132e34f3d
From: github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
From: sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091 > github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
From: sigs.k8s.io/controller-runtime@#096b2e07c091 > sigs.k8s.io/controller-runtime/pkg/manager@#096b2e07c091 > github.com/prometheus/client_golang/prometheus/promhttp@1.11.0
and 5 more...
Fixed in: 1.11.1
✗ High severity vulnerability found in github.com/gin-gonic/gin
Description: HTTP Response Splitting
Info: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
Introduced through: github.com/gin-gonic/gin@1.7.2, github.com/gin-contrib/cors@1.3.1
From: github.com/gin-gonic/gin@1.7.2
From: github.com/gin-contrib/cors@1.3.1 > github.com/gin-gonic/gin@1.7.2
Fixed in: 1.7.7
Organization: jmontleon
Package manager: gomodules
Target file: go.mod
Project name: github.com/konveyor/mig-controller
Open source: no
Project path: /home/jason/Documents/go/src/github.com/konveyor/mig-controller
Licenses: enabled
Tested 797 dependencies for known issues, found 2 issues, 10 vulnerable paths.
After:
$ snyk test
Testing /home/jason/Documents/go/src/github.com/konveyor/mig-controller...
Organization: jmontleon
Package manager: gomodules
Target file: go.mod
Project name: github.com/konveyor/mig-controller
Open source: no
Project path: /home/jason/Documents/go/src/github.com/konveyor/mig-controller
Licenses: enabled
✔ Tested 797 dependencies for known issues, no vulnerable paths found.
Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.