Initial commit

.depsource.toml → .deepsource.toml

@@ -4,4 +4,4 @@ version = 1
 name = "go"
 
   [analyzers.meta]
-  import_root = "github.com/crashdump/libguardian"
+  import_root = "github.com/crashdump/venlock"

.github/workflows/test.yml

@@ -1,7 +1,4 @@
-# This workflow will build a golang project
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
-
-name: Go
+name: Test
 
 on:
   push:
@@ -22,7 +19,7 @@ jobs:
           go-version: '1.20'
 
       - name: Build
-        run: go build -v -o dist/libguardian cmd/libguardian/*.go
+        run: go build -v -o dist/venlock cmd/venlock/*.go
 
       - name: Test
         run: go test -v ./...

.goreleaser.yaml

@@ -7,16 +7,20 @@ before:
     # you may remove this if you don't need go generate
     - go generate ./...
 builds:
-  - id: "libguardian"
-    binary: "libguardian"
-    main: ./cmd/libguardian
+  - id: "venlock"
+    binary: "venlock"
+    main: ./cmd/venlock
     env:
       - CGO_ENABLED=0
     goos:
       - linux
       - windows
       - darwin
 
+dockers:
+  - image_templates:
+      - crashdump/venlock
+
 archives:
   - format: tar.gz
     # this name template makes the OS and Arch compatible with the results of uname.

Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+ENTRYPOINT ["/venlock"]
+COPY venlock /

Makefile

@@ -2,10 +2,10 @@
 .DEFAULT_GOAL=test
 
 build: test
-	go build -v -o dist/libguardian cmd/libguardian/*.go
+	go build -v -o dist/venlock cmd/venlock/*.go
 
 clean:
-	rm -f dist/libguardian
+	rm -f dist/venlock
 
 test:
 	go mod tidy

README.md

@@ -1,39 +1,48 @@
-# Lib Guardian
+# Venlock (a.k.a. Vendor Lock)
 
-[![License](http://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/crashdump/libguardian/master/LICENSE)
-[![GoDoc](https://godoc.org/github.com/crashdump/libguardian?status.svg)](https://godoc.org/github.com/crashdump/libguardian)
+[![License](http://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/crashdump/venlock/master/LICENSE)
+[![GoDoc](https://godoc.org/github.com/crashdump/venlock?status.svg)](https://godoc.org/github.com/crashdump/venlock)
 
 
 ## Install
 
 ```bash
-go install github.com/crashdump/libguardian/cmd/libguardian@latest
+go install github.com/crashdump/venlock/cmd/venlock@latest
 ```
 
 ## Use
 
 ```bash
-libguardian ./sources/
+venlock ./sources/
 ```
 
-    ┌──────────────┐
-    │ Lib Guardian │
-    └──────────────┘
-
-    > Searching for supported manifests...
-      Found foo/bar/package.json.
-
-    > Examining files...
-      Found foreign library: foo.bar
-      Found foreign library: bar.baz
-
-    Failed!
+    ┌─────────────┐
+    │ Vendor Lock │
+    └─────────────┘
+
+    NAME:
+    venlock - Search for package manifests and identifies untrusted libraries.
+
+    USAGE:
+    venlock [global options] command [command options] [arguments...]
+
+    AUTHOR:
+    Adrien Pujol <ap@cdfr.net>
+
+    COMMANDS:
+    enumerate, e  enumerate all the libraries from source code.
+    generate, g   generate a config.json from source code.
+    enforce, v    enforce inventory libraries.
+    help, h       Shows a list of commands or help for one command
+
+    GLOBAL OPTIONS:
+    --help  (default: false)
 
 
 ### Build
 
 ```bash
-go build ./... -o dist/libguardian
+go build ./... -o dist/venlock
 ```
 
 ### Test

cmd/libguardian/cmd.go → cmd/venlock/cmd.go

@@ -7,8 +7,8 @@ import (
 
 	"github.com/urfave/cli/v2"
 
-	"github.com/crashdump/libguardian/pkg"
-	"github.com/crashdump/libguardian/pkg/gomod"
+	"github.com/crashdump/venlock/pkg"
+	"github.com/crashdump/venlock/pkg/gomod"
 )
 
 var logger *logging
@@ -26,13 +26,13 @@ func main() {
 	logger = newLogger()
 	var flagOutput string
 
-	logger.print("┌──────────────┐")
-	logger.print("│ Lib Guardian │")
-	logger.print("└──────────────┘")
+	logger.print("┌─────────────┐")
+	logger.print("│ Vendor Lock │")
+	logger.print("└─────────────┘")
 	logger.print("")
 
 	app := &cli.App{
-		Name:     "libguardian",
+		Name:     "venlock",
 		Usage:    "Walk files in a directory and identifies gaps between project and inventory.",
 		Compiled: time.Now(),
 		Authors: []*cli.Author{{
@@ -56,7 +56,7 @@ func main() {
 
 					logger.printHeader("Enumerating libraries from source code...")
 
-					lg := pkg.NewLibGuardian[gomod.Library](path, gomod.GoMod[gomod.Library]{})
+					lg := pkg.Newvenlock[gomod.Library](path, gomod.GoMod[gomod.Library]{})
 					results, err := lg.Enumerate()
 					if err != nil {
 						logger.printFatal(err.Error())
@@ -99,7 +99,7 @@ func main() {
 
 					logger.printHeader("Generating sbom.jsom from source code...")
 					panic("not implemented")
-					//results, err := libguardian.Enumerate(path)
+					//results, err := venlock.Enumerate(path)
 					//if err != nil {
 					//	logger.printFatal(err.Error())
 					//}
@@ -116,8 +116,9 @@ func main() {
 				Flags: []cli.Flag{
 					&cli.StringFlag{
 						Name:        "config",
-						Aliases:     []string{"c"},
+						Required:    true,
 						Destination: &flagOutput,
+						Aliases:     []string{"c"},
 						Action: func(ctx *cli.Context, v string) error {
 							if v == "" {
 								return errors.New("missing config filename")
@@ -138,13 +139,15 @@ func main() {
 
 					logger.printHeader("Searching for foreign libraries in source code...")
 
-					lg := pkg.NewLibGuardian[gomod.Library](path, gomod.GoMod[gomod.Library]{})
-					err := lg.Config.Load(cCtx.String("config"))
+					var cfg pkg.Config[gomod.Library]
+					err := cfg.Load(cCtx.String("config"))
 					if err != nil {
 						return err
 					}
 
-					results, err := lg.Enforce()
+					lg := pkg.Newvenlock[gomod.Library](path, gomod.GoMod[gomod.Library]{})
+
+					results, err := lg.Enforce(cfg.Catalogue[lg.Scanner.Name()])
 					if err != nil {
 						return err
 					}
@@ -156,10 +159,12 @@ func main() {
 							logger.printResult(result.Module)
 						}
 
+						logger.print("")
 						logger.printFatal("Failed!")
 					}
-					logger.print("No mismatch, success!")
 
+					logger.print("")
+					logger.print("No mismatch, success!")
 					return nil
 				},
 			},

cmd/libguardian/logging.go → cmd/venlock/logging.go

@@ -32,6 +32,7 @@ func (l logging) printfResult(format string, args interface{}) {
 	l.printResult(fmt.Sprintf(format, args))
 }
 
-func (logging) printFatal(str string) {
-	panic(str)
+func (l logging) printFatal(str string) {
+	l.logger.Printf("  %s", str)
+	os.Exit(1)
 }

go.mod

@@ -1,4 +1,4 @@
-module github.com/crashdump/libguardian
+module github.com/crashdump/venlock
 
 go 1.20
 

pkg/config_test.go

@@ -4,8 +4,8 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/crashdump/libguardian/pkg"
-	"github.com/crashdump/libguardian/pkg/gomod"
+	"github.com/crashdump/venlock/pkg"
+	"github.com/crashdump/venlock/pkg/gomod"
 )
 
 func TestConfig_SaveAndLoad(t *testing.T) {

pkg/gomod/gomod.go

@@ -5,7 +5,7 @@ import (
 
 	"golang.org/x/mod/modfile"
 
-	"github.com/crashdump/libguardian/pkg"
+	"github.com/crashdump/venlock/pkg"
 )
 
 type GoMod[T Library] struct{}
@@ -24,7 +24,7 @@ func (g GoMod[T]) Filename() string {
 	return "go.mod"
 }
 
-func (g GoMod[T]) Collect(path string) (proc pkg.Processor[T], err error) {
+func (g GoMod[T]) Collect(path string) (proc pkg.Processor[Library], err error) {
 	data, err := os.ReadFile(path)
 	if err != nil {
 		return proc, err
@@ -36,7 +36,7 @@ func (g GoMod[T]) Collect(path string) (proc pkg.Processor[T], err error) {
 	}
 
 	for _, dep := range gomod.Require {
-		proc.Inventory = append(proc.Inventory, T{
+		proc.Found = append(proc.Found, Library{
 			Module: dep.Mod.Path,
 		})
 	}