Vuln func java (gradle)

.github/workflows/codescene.yml

@@ -2,8 +2,6 @@ name: CodeScene
 
 on:
   pull_request:
-    branches:
-      - main
 
 jobs:
   delta-analysis:

.github/workflows/debricked.yml

@@ -24,6 +24,4 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-go-
       - run: |
-          printf "$(go mod graph)\n\n$(go list -mod=readonly -e -m all)" > .debricked-go-dependencies.txt
-      - run: |
-          go run cmd/debricked/main.go scan -t ${{ secrets.DEBRICKED_TOKEN }} -e "pkg/**"
+          go run cmd/debricked/main.go scan -t ${{ secrets.DEBRICKED_TOKEN }} -e "pkg/**" -e "test/**"  --resolve

.github/workflows/docker.yml

@@ -12,7 +12,7 @@ jobs:
     name: 'Push Docker images'
     strategy:
       matrix:
-        stage: [ 'cli', 'scan' ]
+        stage: [ 'cli', 'scan', 'cli-resolution']
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

.gitignore

@@ -7,3 +7,7 @@ debricked
 dist/
 /.debricked-go-dependencies.txt
 /.env
+test/resolve/testdata/pip/requirements.txt.venv/
+test/resolve/testdata/pip/.requirements.txt.debricked.lock
+pkg/scan/testdata/npm/yarn.lock
+pkg/resolution/pm/gradle/.gradle-init-script.debricked.groovy

Makefile

@@ -1,17 +1,35 @@
+.PHONY: install
 install:
 	bash scripts/install.sh
 
+.PHONY: lint
 lint:
 	bash scripts/lint.sh
 
+.PHONY: test
 test:
 	bash scripts/test_cli.sh
+
+.PHONY: test-docker
 test-docker:
 	bash scripts/test_docker.sh cli
 
+.PHONY: test-e2e
+test-e2e:
+	bash scripts/test_e2e.sh
+
+.PHONY: test-e2e-docker
 docker-build-dev:
 	docker build -f build/docker/Dockerfile -t debricked/cli-dev:latest --target dev .
+
+.PHONY: docker-build-cli
 docker-build-cli:
 	docker build -f build/docker/Dockerfile -t debricked/cli:latest --target cli .
+
+.PHONY: docker-build-scan
 docker-build-scan:
 	docker build -f build/docker/Dockerfile -t debricked/cli-scan:latest --target scan .
+
+.PHONY: docker-build-cli-resolution
+docker-build-cli-resolution:
+	docker build -f build/docker/Dockerfile -t debricked/cli-resolution:latest --target cli-resolution .

build/docker/Dockerfile

@@ -16,3 +16,26 @@ COPY --from=dev /cli/debricked /usr/bin/debricked
 
 FROM cli AS scan
 ENTRYPOINT [ "debricked",  "scan" ]
+
+FROM cli AS cli-resolution
+RUN apk --no-cache --update add \
+    openjdk8-jre \
+    python3 \
+    py3-scipy \
+    py3-pip \
+    go
+
+ENV MAVEN_VERSION 3.9.0
+ENV MAVEN_HOME /usr/lib/mvn
+ENV PATH $MAVEN_HOME/bin:$PATH
+RUN wget http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
+  tar -zxvf apache-maven-$MAVEN_VERSION-bin.tar.gz && \
+  rm apache-maven-$MAVEN_VERSION-bin.tar.gz && \
+  mv apache-maven-$MAVEN_VERSION $MAVEN_HOME
+
+ENV GRADLE_VERSION 8.0.2
+ENV GRADLE_HOME /usr/lib/gradle
+ENV PATH $GRADLE_HOME/gradle-$GRADLE_VERSION/bin:$PATH
+RUN wget https://services.gradle.org/distributions/gradle-$GRADLE_VERSION-bin.zip && \
+  unzip gradle-$GRADLE_VERSION-bin.zip -d $GRADLE_HOME && \
+  rm gradle-$GRADLE_VERSION-bin.zip \

cmd/debricked/main.go

@@ -4,12 +4,13 @@ import (
 	"os"
 
 	"github.com/debricked/cli/pkg/cmd/root"
+	"github.com/debricked/cli/pkg/wire"
 )
 
 var version string // Set at compile time
 
 func main() {
-	if err := root.NewRootCmd(version).Execute(); err != nil {
+	if err := root.NewRootCmd(version, wire.GetCliContainer()).Execute(); err != nil {
 		os.Exit(1)
 	}
 }

examples/templates/Argo/README.md

@@ -1,5 +1,2 @@
 # Argo Workflows
-- [Default template](Default/argo.yml)
-- [Maven template](Maven/argo.yml)
-- [Gradle template](Gradle/argo.yml)
-- [Go template](Go/argo.yml)
+- [Default template](argo.yml)

examples/templates/Argo/Default/argo.yml → examples/templates/Argo/argo.yml

@@ -25,7 +25,7 @@ spec:
         image: debricked/cli
         workingDir: /repository
         command:
-          - debricked scan
+          - debricked scan --resolve
         env:
           - name: DEBRICKED_TOKEN
             value: "{{inputs.parameters.debricked-token}}"