c54c569f30
Completed clean root directory structure: - Root now contains only: .git, .env, docs/, orig/ - Moved all remaining files and directories to orig/: - Config files (.claude, .dockerignore, .drone.yml, etc.) - All .env variants (except active .env) - Git config (.gitconfig, .github, .gitignore, etc.) - Tool configs (.golangci.yml, .revive.toml, etc.) - Documentation (*.md files, @prompts) - Build files (Dockerfiles, Makefile, go.mod, go.sum) - Docker compose files - All source directories (scripts, tests, tools, etc.) - Runtime directories (logs, monitoring, reports) - Dependency files (node_modules, lib, cache) - Special files (--delete) - Removed empty runtime directories (bin/, data/) V2 structure is now clean: - docs/planning/ - V2 planning documents - orig/ - Complete V1 codebase preserved - .env - Active environment config (not in git) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
60 lines
1.6 KiB
Bash
Executable File
60 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# This script checks for vulnerabilities in project dependencies
|
|
|
|
set -e
|
|
|
|
echo "Starting dependency vulnerability scan..."
|
|
|
|
# Initialize exit code
|
|
exit_code=0
|
|
|
|
# Run govulncheck
|
|
echo "Running govulncheck..."
|
|
if command -v govulncheck >/dev/null 2>&1; then
|
|
if ! govulncheck ./...; then
|
|
echo "❌ govulncheck found vulnerabilities"
|
|
exit_code=1
|
|
else
|
|
echo "✅ govulncheck found no vulnerabilities"
|
|
fi
|
|
else
|
|
echo "⚠️ govulncheck not installed, skipping"
|
|
fi
|
|
|
|
# Run nancy (for Sonatype Nexus IQ)
|
|
echo "Running nancy scan..."
|
|
if command -v nancy >/dev/null 2>&1; then
|
|
if ! go list -json -m all | nancy --skip-update-check; then
|
|
echo "❌ nancy found vulnerable dependencies"
|
|
exit_code=1
|
|
else
|
|
echo "✅ nancy found no vulnerabilities"
|
|
fi
|
|
else
|
|
echo "⚠️ nancy not installed, skipping"
|
|
fi
|
|
|
|
# Check for deprecated packages
|
|
echo "Checking for deprecated packages..."
|
|
if go list -json -m all | grep -i deprecated; then
|
|
echo "⚠️ Found deprecated packages in dependencies"
|
|
else
|
|
echo "✅ No deprecated packages found"
|
|
fi
|
|
|
|
# Check for unmaintained packages (packages without recent updates)
|
|
echo "Checking for potentially unmaintained packages..."
|
|
# This is a basic check - in a real scenario, you might want to check
|
|
# the age of the latest commits for each dependency
|
|
go list -m -u all || echo "Dependency update check completed"
|
|
|
|
echo "Dependency vulnerability scan completed."
|
|
|
|
if [ $exit_code -ne 0 ]; then
|
|
echo "❌ Dependency vulnerability scan found issues"
|
|
exit $exit_code
|
|
else
|
|
echo "✅ Dependency vulnerability scan passed"
|
|
exit 0
|
|
fi |