sonatype-nexus-community / bach

Dependency vulnerability auditor for PHP
Apache License 2.0
14 stars 15 forks

Improve Output #10

Closed DarthHater closed 4 years ago

DarthHater commented 4 years ago

Hello!

This PR is to spruce up the output of an OSS Index audit (for Composer at the moment):

[Image: Screen Shot 2020-09-16 at 11 42 33 AM]

This adds some tables, and makes the output a bit cleaner to read. Also defaults to a "quiet" behavior, only showing vulnerable packages.

Also breaks out Audit type functionality into an app/Audit spot (PHP prefers you do folders based on features for structure), the start of an interface for Audit so that we can implement json, etc. as time goes, and also to, you know, make things easier to unit test.

Also breaks out OSSIndex into its own class, so we can implement caching, etc. in a tinier place.

Also breaks out the parsing of the Composer lockfile, etc. into its own class, and interface, so that the app/Commands/Composer.php file is now more or less just control flow.

DarthHater commented 4 years ago

@bhamail that is still a mystery to me (most of the Version2 stuff was copied and pasted in and I just rearranged rather than tackle if it's needed). Tests will be up next-ish so I can figure out what we need it for!