newrelic / newrelic-php-agent

The New Relic PHP Agent
https://opensource.newrelic.com/projects/newrelic/newrelic-php-agent
Apache License 2.0
120 stars 63 forks

feat(agent): use composer for vuln mgmt package info #962

Closed lavarou closed 2 months ago

lavarou commented 2 months ago

If possible, use Composer's runtime API to collect information about PHP packages used by the application for New Relic Vulnerability Management. This feature is disabled by default and can be enabled by setting newrelic.vulnerability_management.composer_detection.enabled to true.

newrelic-php-agent-bot commented 2 months ago

| Test Suite | Status | Result |
|---|---|---|
| Multiverse | :white_check_mark: | 7/7 passing |
| SOAK | :white_check_mark: | 56/56 passing |

zsistla commented 2 months ago

What version(s) of composer will this work with?

lavarou commented 2 months ago

> What version(s) of composer will this work with?

So far it's been tested with 2.2 and 2.6. It should work with all versions >= 2.2.

codecov-commenter commented 2 months ago

Codecov Report

Attention: Patch coverage is 79.14692% with 44 lines in your changes missing coverage. Please review.

Project coverage is 78.50%. Comparing base (8de09b0) to head (1fda499). Report is 1 commits behind head on dev.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| agent/lib_composer.c | 77.08% | 22 Missing :warning: |
| axiom/nr_php_packages.c | 72.00% | 7 Missing :warning: |
| agent/fw_laminas3.c | 0.00% | 2 Missing :warning: |
| agent/fw_lumen.c | 0.00% | 2 Missing :warning: |
| agent/fw_wordpress.c | 0.00% | 2 Missing :warning: |
| agent/lib_doctrine2.c | 0.00% | 2 Missing :warning: |
| agent/lib_mongodb.c | 0.00% | 2 Missing :warning: |
| agent/lib_phpunit.c | 0.00% | 2 Missing :warning: |
| axiom/nr_php_packages.h | 60.00% | 2 Missing :warning: |
| agent/fw_slim.c | 0.00% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##              dev     #962      +/-   ##
==========================================
+ Coverage   78.35%   78.50%   +0.14%
==========================================
  Files         194      195       +1
  Lines       26879    27057     +178
==========================================
+ Hits        21061    21241     +180
+ Misses       5818     5816       -2
```

| [Flag](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | Coverage Δ | |
|---|---|---|
| [agent-for-php-7.2](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `78.51% <79.14%> (+0.15%)` | :arrow_up: |
| [agent-for-php-7.3](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `78.53% <79.14%> (+0.15%)` | :arrow_up: |
| [agent-for-php-7.4](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `78.23% <78.19%> (+0.14%)` | :arrow_up: |
| [agent-for-php-8.0](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `78.25% <78.19%> (+0.14%)` | :arrow_up: |
| [agent-for-php-8.1](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `78.24% <78.19%> (+0.14%)` | :arrow_up: |
| [agent-for-php-8.2](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `77.84% <77.72%> (+0.14%)` | :arrow_up: |
| [agent-for-php-8.3](https://app.codecov.io/gh/newrelic/newrelic-php-agent/pull/962/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic) | `77.84% <77.72%> (+0.14%)` | :arrow_up: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=newrelic#carryforward-flags-in-the-pull-request-comment) to find out more.
