diff --git a/README.md b/README.md
index 1b3f80c4..676bf4ad 100644
--- a/README.md
+++ b/README.md
@@ -34,13 +34,13 @@ encrypted-token-will-appear-here
```xml
- ...
+
github
github-userid-goes-here
encrypted-token-goes-here-including-curly-brackets
- ...
+
```
@@ -66,12 +66,12 @@ encrypted-token-will-appear-here
```xml
- ...
+
github
https://maven.pkg.github.com/guacsec/trustify-da-java-client
- ...
+
```
@@ -81,7 +81,7 @@ encrypted-token-will-appear-here
```groovy
repositories {
- ...
+ // ... other repositories
maven {
url 'https://maven.pkg.github.com/guacsec/trustify-da-java-client'
credentials {
@@ -89,7 +89,7 @@ repositories {
password System.getenv("GITHUB_TOKEN")
}
}
- ...
+ // ... other repositories
}
```
@@ -177,7 +177,10 @@ public class TrustifyExample {
Excluding Packages
-Excluding a package from any analysis can be achieved by marking the package for exclusion.
+Excluding a package from any analysis can be achieved by marking the package for exclusion using either the trustify-da-ignore syntax.
+
+Although both `trustify-da-ignore` and `exhortignore` patterns work identically and can be used interchangeably. The `trustify-da-ignore` syntax is recommended for new projects, while `exhortignore` continues to be supported for backwards compatibility. You can gradually migrate your projects or use both patterns in the same manifest.
+
@@ -185,6 +188,14 @@ Excluding a package from any analysis can be achieved by marking the package for
Java Maven users can add a comment in pom.xml
```xml
+
+
+ ...
+ ...
+ 0.0.9-SNAPSHOT
+
+
+
...
...
@@ -193,10 +204,8 @@ Excluding a package from any analysis can be achieved by marking the package for
```
-
-
-
-Javascript NPM users can add a root (key, value) pair with value of list of names (strings) to be ignored (without versions), and key called exhortignore in package.json, example:
+Javascript NPM users can add ignore arrays in package.json:
```json
{
@@ -213,15 +222,17 @@ Excluding a package from any analysis can be achieved by marking the package for
"jsonwebtoken": "^8.5.1",
"mongoose": "^5.9.18"
},
- "exhortignore": [
+ "trustify-da-ignore": [
"jsonwebtoken"
]
}
-
```
+
+
+-
+Golang users can add in go.mod a comment with //trustify-da-ignore next to the package to be ignored, or to "piggyback" on existing comment ( e.g - //indirect) , for example:
-Golang users can add in go.mod a comment with //exhortignore next to the package to be ignored, or to "piggyback" on existing comment ( e.g - //indirect) , for example:
-```go
+```mod
module github.com/RHEcosystemAppEng/SaaSi/deployer
go 1.19
@@ -229,7 +240,7 @@ go 1.19
require (
github.com/gin-gonic/gin v1.9.1
github.com/google/uuid v1.1.2
- github.com/jessevdk/go-flags v1.5.0 //exhortignore
+ github.com/jessevdk/go-flags v1.5.0 //trustify-da-ignore
github.com/kr/pretty v0.3.1
gopkg.in/yaml.v2 v2.4.0
k8s.io/apimachinery v0.26.1
@@ -237,21 +248,23 @@ require (
)
require (
- github.com/davecgh/go-spew v1.1.1 // indirect exhortignore
+ github.com/davecgh/go-spew v1.1.1 // indirect trustify-da-ignore
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
- github.com/go-logr/logr v1.2.3 // indirect //exhortignore
-
+ github.com/go-logr/logr v1.2.3 // indirect trustify-da-ignore
)
```
+
+
+-
+Python pip users can add in requirement text a comment with #trustify-da-ignore(or # trustify-da-ignore) to the right of the same artifact to be ignored, for example:
-Python pip users can add in requirement text a comment with #exhortignore(or # exhortignore) to the right of the same artifact to be ignored, for example:
```properties
anyio==3.6.2
asgiref==3.4.1
beautifulsoup4==4.12.2
certifi==2023.7.22
chardet==4.0.0
-click==8.0.4 #exhortignore
+click==8.0.4 #trustify-da-ignore
contextlib2==21.6.0
fastapi==0.75.1
Flask==2.0.3
@@ -262,9 +275,9 @@ importlib-metadata==4.8.3
itsdangerous==2.0.1
Jinja2==3.0.3
MarkupSafe==2.0.1
-pydantic==1.9.2 # exhortignore
+pydantic==1.9.2 # trustify-da-ignore
requests==2.25.1
-six==1.16.0
+six==1.16.0
sniffio==1.2.0
soupsieve==2.3.2.post1
starlette==0.17.1
@@ -273,12 +286,16 @@ urllib3==1.26.16
uvicorn==0.17.0
Werkzeug==2.0.3
zipp==3.6.0
-
```
-Gradle users can add in build.gradle a comment with //exhortignore next to the package to be ignored:
+
+
+-
+Gradle users can add in build.gradle a comment with //trustify-da-ignore next to the package to be ignored:
```build.gradle
+
+```groovy
plugins {
-id 'java'
+ id 'java'
}
group = 'groupName'
@@ -289,32 +306,31 @@ repositories {
}
dependencies {
- implementation "groupId:artifactId:version" // exhortignore
+ implementation "groupId:artifactId:version" // trustify-da-ignore
}
+
test {
useJUnitPlatform()
}
```
+
+
-All of the 5 above examples are valid for marking a package to be ignored
#### Ignore Strategies - experimental
- You can specify the method to ignore dependencies in manifest (globally), by setting the environment variable `TRUSTIFY_DA_IGNORE_METHOD` to one of the following values: \
- **_Possible values:_**
-- `insensitive` - ignoring the dependency and all of its subtree(all transitives) - default.
-- `sensitive` - ignoring the dependency but let its transitives remain if they are also transitive of another dependency in the tree or if they're direct dependency of root in the dependency tree.
-
-
+You can specify the method to ignore dependencies in manifest (globally), by setting the environment variable `TRUSTIFY_DA_IGNORE_METHOD` to one of the following values:
-
+**Possible values:**
+- `insensitive` - ignoring the dependency and all of its subtree(all transitives) - default.
+- `sensitive` - ignoring the dependency but let its transitives remain if they are also transitive of another dependency in the tree or if they're direct dependency of root in the dependency tree.
Customization
There are 2 approaches for customizing Trustify DA Java Client. Using Environment Variables or
Java Properties:
-```java
+```text
System.setProperty("TRUSTIFY_DA_MVN_PATH", "/path/to/custom/mvn");
System.setProperty("TRUSTIFY_DA_NPM_PATH", "/path/to/custom/npm");
System.setProperty("TRUSTIFY_DA_PNPM_PATH", "/path/to/custom/pnpm");
@@ -473,7 +489,7 @@ export TRUSTIFY_DA_MVN_LOCAL_REPO=/home/user/custom-maven-repo
```
Using Java properties:
-```java
+```text
System.setProperty("TRUSTIFY_DA_MVN_USER_SETTINGS", "/home/user/.m2/custom-settings.xml");
System.setProperty("TRUSTIFY_DA_MVN_LOCAL_REPO", "/home/user/custom-maven-repo");
```
diff --git a/catalog-info.yaml b/catalog-info.yaml
index 5ef62924..c30e46cf 100644
--- a/catalog-info.yaml
+++ b/catalog-info.yaml
@@ -2,7 +2,7 @@ apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
annotations:
- backstage.io/kuberqnetes-id: trustify-da-java-client
+ backstage.io/kubernetes-id: trustify-da-java-client
github.com/project-slug: guacsec/trustify-da-java-client
github.com/project-readme-path: README.md
backstage.io/view-url: https://github.com/guacsec/trustify-da-java-client/blob/main/catalog-info.yaml
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/GoModulesProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/GoModulesProvider.java
index 2e71cb8b..32747aca 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/GoModulesProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/GoModulesProvider.java
@@ -28,6 +28,7 @@
import io.github.guacsec.trustifyda.tools.Ecosystem.Type;
import io.github.guacsec.trustifyda.tools.Operations;
import io.github.guacsec.trustifyda.utils.Environment;
+import io.github.guacsec.trustifyda.utils.IgnorePatternDetector;
import io.github.guacsec.trustifyda.vcs.GitVersionControlSystemImpl;
import io.github.guacsec.trustifyda.vcs.TagInfo;
import io.github.guacsec.trustifyda.vcs.VersionControlSystem;
@@ -459,15 +460,16 @@ private String extractPackageName(String line) {
public boolean IgnoredLine(String line) {
boolean result = false;
- if (line.contains("exhortignore")) {
- // if exhortignore is alone in a comment or is in a comment together with indirect or as a
+ if (IgnorePatternDetector.containsIgnorePattern(line)) {
+ // if exhortignore or trustify-da-ignore is alone in a comment or is in a comment together
+ // with indirect or as a
// comment inside a
// comment ( e.g // indirect //exhort)
// then this line is to be checked if it's a comment after a package name.
- if (Pattern.matches(".+//\\s*exhortignore", line)
- || Pattern.matches(".+//\\sindirect (//)?\\s*exhortignore", line)) {
+ if (Pattern.matches(".+//\\s*(exhortignore|trustify-da-ignore)", line)
+ || Pattern.matches(".+//\\sindirect (//)?\\s*(exhortignore|trustify-da-ignore)", line)) {
String trimmedRow = line.trim();
- // filter out lines where exhortignore has no meaning
+ // filter out lines where exhortignore or trustify-da-ignore has no meaning
if (!trimmedRow.startsWith("module ")
&& !trimmedRow.startsWith("go ")
&& !trimmedRow.startsWith("require (")
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/GradleProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/GradleProvider.java
index d4c11895..8ca4ef61 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/GradleProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/GradleProvider.java
@@ -27,6 +27,7 @@
import io.github.guacsec.trustifyda.sbom.SbomFactory;
import io.github.guacsec.trustifyda.tools.Ecosystem.Type;
import io.github.guacsec.trustifyda.tools.Operations;
+import io.github.guacsec.trustifyda.utils.IgnorePatternDetector;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -202,7 +203,7 @@ private boolean depHasLibsNotation(String depToBeIgnored) {
}
private boolean isIgnoredLine(String line) {
- return line.contains("exhortignore");
+ return IgnorePatternDetector.containsIgnorePattern(line);
}
private String extractPackageName(String line) {
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
index 5e2192ec..424c2d0a 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/JavaMavenProvider.java
@@ -28,6 +28,7 @@
import io.github.guacsec.trustifyda.tools.Ecosystem.Type;
import io.github.guacsec.trustifyda.tools.Operations;
import io.github.guacsec.trustifyda.utils.Environment;
+import io.github.guacsec.trustifyda.utils.IgnorePatternDetector;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -277,7 +278,7 @@ private List getDependencies(final Path manifestPath) thro
if (!Objects.isNull(dependencyAggregator)) {
// if we hit an ignore comment, mark aggregator to be ignored
if (reader.getEventType() == XMLStreamConstants.COMMENT
- && "exhortignore".equals(reader.getText().strip())) {
+ && isIgnoreComment(reader.getText())) {
dependencyAggregator.ignored = true;
continue;
}
@@ -491,4 +492,17 @@ public static String normalizePath(String thePath) {
}
return result;
}
+
+ /**
+ * Checks if a comment text exactly matches an ignore pattern. Used for XML comment detection in
+ * pom.xml files.
+ *
+ * @param commentText the comment text to check (will be stripped of whitespace)
+ * @return true if the comment exactly matches an ignore pattern
+ */
+ private boolean isIgnoreComment(String commentText) {
+ String stripped = commentText.strip();
+ return IgnorePatternDetector.IGNORE_PATTERN.equals(stripped)
+ || IgnorePatternDetector.LEGACY_IGNORE_PATTERN.equals(stripped);
+ }
}
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/JavaScriptProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/JavaScriptProvider.java
index 64aac6ea..85c968f9 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/JavaScriptProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/JavaScriptProvider.java
@@ -36,10 +36,8 @@
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
-import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.TreeMap;
@@ -240,18 +238,6 @@ protected String parseDepTreeOutput(String output) {
return output;
}
- protected List getIgnoredDeps(JsonNode manifest) {
- var ignored = new ArrayList();
- var ignoredNode = manifest.withArray("exhortignore");
- if (ignoredNode == null) {
- return ignored;
- }
- for (JsonNode n : ignoredNode) {
- ignored.add(n.asText());
- }
- return ignored;
- }
-
protected Map getExecEnv() {
String pathEnv = Environment.get(pathEnv());
if (pathEnv != null && !pathEnv.isBlank()) {
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/PythonPipProvider.java b/src/main/java/io/github/guacsec/trustifyda/providers/PythonPipProvider.java
index c1bffb88..c11c9bb5 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/PythonPipProvider.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/PythonPipProvider.java
@@ -29,6 +29,7 @@
import io.github.guacsec.trustifyda.tools.Ecosystem;
import io.github.guacsec.trustifyda.tools.Operations;
import io.github.guacsec.trustifyda.utils.Environment;
+import io.github.guacsec.trustifyda.utils.IgnorePatternDetector;
import io.github.guacsec.trustifyda.utils.PythonControllerBase;
import io.github.guacsec.trustifyda.utils.PythonControllerRealEnv;
import io.github.guacsec.trustifyda.utils.PythonControllerVirtualEnv;
@@ -168,12 +169,26 @@ private void handleIgnoredDependencies(String manifestContent, Sbom sbom) {
}
}
+ /**
+ * Checks if a text line contains a Python pip ignore pattern. Handles both '#exhortignore' and
+ * '#trustify-da-ignore' with optional spacing.
+ *
+ * @param line the line to check
+ * @return true if the line contains a Python pip ignore pattern
+ */
+ private boolean containsPythonIgnorePattern(String line) {
+ return line.contains("#" + IgnorePatternDetector.IGNORE_PATTERN)
+ || line.contains("# " + IgnorePatternDetector.IGNORE_PATTERN)
+ || line.contains("#" + IgnorePatternDetector.LEGACY_IGNORE_PATTERN)
+ || line.contains("# " + IgnorePatternDetector.LEGACY_IGNORE_PATTERN);
+ }
+
private Set getIgnoredDependencies(String requirementsDeps) {
String[] requirementsLines = requirementsDeps.split(System.lineSeparator());
Set collected =
Arrays.stream(requirementsLines)
- .filter(line -> line.contains("#exhortignore") || line.contains("# exhortignore"))
+ .filter(this::containsPythonIgnorePattern)
.map(PythonPipProvider::extractDepFull)
.map(this::splitToNameVersion)
.map(dep -> toPurl(dep[0], dep[1]))
diff --git a/src/main/java/io/github/guacsec/trustifyda/providers/javascript/model/Manifest.java b/src/main/java/io/github/guacsec/trustifyda/providers/javascript/model/Manifest.java
index 87a26703..2be133d0 100644
--- a/src/main/java/io/github/guacsec/trustifyda/providers/javascript/model/Manifest.java
+++ b/src/main/java/io/github/guacsec/trustifyda/providers/javascript/model/Manifest.java
@@ -18,9 +18,9 @@
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.node.ArrayNode;
import com.github.packageurl.PackageURL;
import io.github.guacsec.trustifyda.providers.JavaScriptProvider;
+import io.github.guacsec.trustifyda.utils.IgnorePatternDetector;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -68,14 +68,18 @@ private Set loadDependencies(JsonNode content) {
}
private Set loadIgnored(JsonNode content) {
- var names = new HashSet();
- if (content != null) {
- var ignore = (ArrayNode) content.get("exhortignore");
- if (ignore == null || ignore.isEmpty()) {
- return Collections.emptySet();
- }
- ignore.forEach(n -> names.add(n.asText()));
+ if (content == null) {
+ return Collections.emptySet();
}
- return Collections.unmodifiableSet(names);
+ var node = content.get(IgnorePatternDetector.IGNORE_PATTERN);
+ if (node == null || node.isEmpty()) {
+ node = content.get(IgnorePatternDetector.LEGACY_IGNORE_PATTERN);
+ }
+ if (node != null && !node.isEmpty()) {
+ var names = new HashSet();
+ node.forEach(n -> names.add(n.asText()));
+ return Collections.unmodifiableSet(names);
+ }
+ return Collections.emptySet();
}
}
diff --git a/src/main/java/io/github/guacsec/trustifyda/utils/IgnorePatternDetector.java b/src/main/java/io/github/guacsec/trustifyda/utils/IgnorePatternDetector.java
new file mode 100644
index 00000000..1dfd41b7
--- /dev/null
+++ b/src/main/java/io/github/guacsec/trustifyda/utils/IgnorePatternDetector.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2023-2025 Trustify Dependency Analytics Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.github.guacsec.trustifyda.utils;
+
+/**
+ * Utility class for detecting ignore patterns in dependency manifests. Supports both legacy
+ * 'exhortignore' and new 'trustify-da-ignore' patterns for backwards compatibility.
+ */
+public class IgnorePatternDetector {
+
+ public static final String LEGACY_IGNORE_PATTERN = "exhortignore";
+ public static final String IGNORE_PATTERN = "trustify-da-ignore";
+
+ /**
+ * Checks if a text line contains any ignore pattern (exhortignore or trustify-da-ignore). Used
+ * for inline comment detection in requirements.txt, go.mod, build.gradle, etc.
+ *
+ * @param text the text to check
+ * @return true if the text contains any ignore pattern
+ */
+ public static boolean containsIgnorePattern(String text) {
+ return text.contains(LEGACY_IGNORE_PATTERN) || text.contains(IGNORE_PATTERN);
+ }
+}
diff --git a/src/test/resources/tst_manifests/golang/go_mod_with_all_ignore/go.mod b/src/test/resources/tst_manifests/golang/go_mod_with_all_ignore/go.mod
index b5f5eb21..e85d70f6 100644
--- a/src/test/resources/tst_manifests/golang/go_mod_with_all_ignore/go.mod
+++ b/src/test/resources/tst_manifests/golang/go_mod_with_all_ignore/go.mod
@@ -3,11 +3,11 @@ module github.com/devfile-samples/devfile-sample-go-basic
go 1.19
require(
- github.com/labstack/echo/v4 v4.1.18-0.20201215153152-4422e3b66b9f //exhortignore
- github.com/russellhaering/goxmldsig v1.1.0 //exhortignore
- github.com/gin-gonic/gin v1.6.0 //exhortignore
- github.com/miekg/dns v1.0.4-0.20180125103619-43913f2f4fbd //exhortignore
- github.com/ipld/go-car v0.3.0 //exhortignore
- go.elastic.co/apm v1.11.0 //exhortignore
- gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e //exhortignore
+ github.com/labstack/echo/v4 v4.1.18-0.20201215153152-4422e3b66b9f //trustify-da-ignore
+ github.com/russellhaering/goxmldsig v1.1.0 //trustify-da-ignore
+ github.com/gin-gonic/gin v1.6.0 //trustify-da-ignore
+ github.com/miekg/dns v1.0.4-0.20180125103619-43913f2f4fbd //trustify-da-ignore
+ github.com/ipld/go-car v0.3.0 //trustify-da-ignore
+ go.elastic.co/apm v1.11.0 //trustify-da-ignore
+ gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e //trustify-da-ignore
)
diff --git a/src/test/resources/tst_manifests/golang/go_mod_with_ignore/go.mod b/src/test/resources/tst_manifests/golang/go_mod_with_ignore/go.mod
index 7ee7a08f..48fc55c3 100644
--- a/src/test/resources/tst_manifests/golang/go_mod_with_ignore/go.mod
+++ b/src/test/resources/tst_manifests/golang/go_mod_with_ignore/go.mod
@@ -5,7 +5,7 @@ go 1.19
require (
github.com/gin-gonic/gin v1.9.1
github.com/google/uuid v1.1.2
- github.com/jessevdk/go-flags v1.5.0 //exhortignore
+ github.com/jessevdk/go-flags v1.5.0 //trustify-da-ignore
github.com/kr/pretty v0.3.1
gopkg.in/yaml.v2 v2.4.0
k8s.io/apimachinery v0.26.1
@@ -15,13 +15,13 @@ require (
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
- github.com/go-logr/logr v1.2.3 // indirect exhortignore
+ github.com/go-logr/logr v1.2.3 // indirect trustify-da-ignore
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.20.0 // indirect
github.com/go-openapi/swag v0.19.14 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.2 // indirect
- github.com/google/gnostic v0.5.7-v3refs // indirect //exhortignore
+ github.com/google/gnostic v0.5.7-v3refs // indirect //trustify-da-ignore
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.1.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
diff --git a/src/test/resources/tst_manifests/golang/go_mod_with_one_ignored_prefix_go/go.mod b/src/test/resources/tst_manifests/golang/go_mod_with_one_ignored_prefix_go/go.mod
index f8e29c7e..1692460d 100644
--- a/src/test/resources/tst_manifests/golang/go_mod_with_one_ignored_prefix_go/go.mod
+++ b/src/test/resources/tst_manifests/golang/go_mod_with_one_ignored_prefix_go/go.mod
@@ -11,5 +11,5 @@ require(
github.com/miekg/dns v1.0.4-0.20180125103619-43913f2f4fbd
github.com/ipld/go-car v0.3.0
go.elastic.co/apm v1.11.0
- gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e //exhortignore
+ gopkg.in/yaml.v3 v3.0.0-20220521103104-8f96da9f5d5e //trustify-da-ignore
)
diff --git a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_full_specification/build.gradle b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_full_specification/build.gradle
index 30c88ff1..1950b4c0 100644
--- a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_full_specification/build.gradle
+++ b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_full_specification/build.gradle
@@ -21,7 +21,7 @@ dependencies {
implementation "jakarta.validation:jakarta.validation-api:2.0.2"
implementation "io.quarkus:quarkus-resteasy-multipart:2.13.7.Final"
implementation "io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final"
- implementation "log4j:log4j:1.2.17" // exhortignore
+ implementation "log4j:log4j:1.2.17" // trustify-da-ignore
}
test {
useJUnitPlatform()
diff --git a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_named_params/build.gradle b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_named_params/build.gradle
index a2a7a951..fed76d61 100644
--- a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_named_params/build.gradle
+++ b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_named_params/build.gradle
@@ -21,7 +21,7 @@ dependencies {
implementation "jakarta.validation:jakarta.validation-api:2.0.2"
implementation "io.quarkus:quarkus-resteasy-multipart:2.13.7.Final"
implementation "io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final"
- implementation group: 'log4j', name: 'log4j', version: '1.2.17' // exhortignore
+ implementation group: 'log4j', name: 'log4j', version: '1.2.17' // trustify-da-ignore
implementation "com.acme:invented.dependency:1.0.0"
}
diff --git a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_notations/build.gradle b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_notations/build.gradle
index 4d6ad79f..8c0d7caf 100644
--- a/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_notations/build.gradle
+++ b/src/test/resources/tst_manifests/gradle-groovy/deps_with_ignore_notations/build.gradle
@@ -32,7 +32,7 @@ dependencies {
api libs.io.quarkus.quarkus.container.image.docker
api libs.jakarta.validation.jakarta.validation.api
api libs.io.quarkus.quarkus.vertx.http
- api libs.log4j // exhortignore
+ api libs.log4j // trustify-da-ignore
compileOnly libs.io.quarkus.quarkus.hibernate.orm.deployment
}
diff --git a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_full_specification/build.gradle.kts b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_full_specification/build.gradle.kts
index 1ec47a09..e0ce97e8 100644
--- a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_full_specification/build.gradle.kts
+++ b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_full_specification/build.gradle.kts
@@ -21,7 +21,7 @@ dependencies {
implementation("jakarta.validation:jakarta.validation-api:2.0.2")
implementation("io.quarkus:quarkus-resteasy-multipart:2.13.7.Final")
implementation("io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final")
- implementation("log4j:log4j:1.2.17") // exhortignore
+ implementation("log4j:log4j:1.2.17") // trustify-da-ignore
}
tasks.test {
useJUnitPlatform()
diff --git a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_named_params/build.gradle.kts b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_named_params/build.gradle.kts
index 8b207180..4bebee08 100644
--- a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_named_params/build.gradle.kts
+++ b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_named_params/build.gradle.kts
@@ -21,7 +21,7 @@ dependencies {
implementation("jakarta.validation:jakarta.validation-api:2.0.2")
implementation("io.quarkus:quarkus-resteasy-multipart:2.13.7.Final")
implementation("io.quarkus:quarkus-hibernate-orm-deployment:2.0.2.Final")
- implementation(group: "log4j", name: "log4j", version: "1.2.17") // exhortignore
+ implementation(group: "log4j", name: "log4j", version: "1.2.17") // trustify-da-ignore
implementation("com.acme:invented.dependency:1.0.0")
}
diff --git a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_notations/build.gradle.kts b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_notations/build.gradle.kts
index 08f09a89..76bd1924 100644
--- a/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_notations/build.gradle.kts
+++ b/src/test/resources/tst_manifests/gradle-kotlin/deps_with_ignore_notations/build.gradle.kts
@@ -32,7 +32,7 @@ dependencies {
api(libs.io.quarkus.quarkus.container.image.docker)
api(libs.jakarta.validation.jakarta.validation.api)
api(libs.io.quarkus.quarkus.vertx.http)
- api(libs.log4j) // exhortignore
+ api(libs.log4j) // trustify-da-ignore
compileOnly(libs.io.quarkus.quarkus.hibernate.orm.deployment)
}
diff --git a/src/test/resources/tst_manifests/maven/deps_no_trivial_with_ignore/pom.xml b/src/test/resources/tst_manifests/maven/deps_no_trivial_with_ignore/pom.xml
index 94064ed8..369b4225 100644
--- a/src/test/resources/tst_manifests/maven/deps_no_trivial_with_ignore/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_no_trivial_with_ignore/pom.xml
@@ -35,7 +35,7 @@
io.quarkus
- quarkus-jdbc-postgresql
+ quarkus-jdbc-postgresql
2.13.6.Final
diff --git a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_artifact/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_artifact/pom.xml
index bd742a1c..39aee032 100644
--- a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_artifact/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_artifact/pom.xml
@@ -10,7 +10,7 @@
log4j
- log4j
+ log4j
1.2.17
diff --git a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_dependency/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_dependency/pom.xml
index 5440b066..1c7804d1 100644
--- a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_dependency/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_dependency/pom.xml
@@ -8,7 +8,7 @@
0.0.1
-
+
log4j
log4j
1.2.17
diff --git a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_group/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_group/pom.xml
index 6b518d56..5b61c71b 100644
--- a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_group/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_group/pom.xml
@@ -9,7 +9,7 @@
- log4j
+ log4j
log4j
1.2.17
diff --git a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_version/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_version/pom.xml
index afa4249b..40cdfa64 100644
--- a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_version/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_version/pom.xml
@@ -11,7 +11,7 @@
log4j
log4j
- 1.2.17
+ 1.2.17
diff --git a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_wrong/pom.xml b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_wrong/pom.xml
index 32797499..bd34e0bb 100644
--- a/src/test/resources/tst_manifests/maven/deps_with_ignore_on_wrong/pom.xml
+++ b/src/test/resources/tst_manifests/maven/deps_with_ignore_on_wrong/pom.xml
@@ -8,7 +8,7 @@
0.0.1
-
+
log4j
log4j
diff --git a/src/test/resources/tst_manifests/npm/deps_with_ignore/package.json b/src/test/resources/tst_manifests/npm/deps_with_ignore/package.json
index 7fabdf57..866478ed 100644
--- a/src/test/resources/tst_manifests/npm/deps_with_ignore/package.json
+++ b/src/test/resources/tst_manifests/npm/deps_with_ignore/package.json
@@ -26,7 +26,7 @@
"axios": "^0.19.0",
"jsdom": "^19.0.0"
},
- "exhortignore": [
+ "trustify-da-ignore": [
"jsonwebtoken"
]
}
diff --git a/src/test/resources/tst_manifests/pip/pip_requirements_txt_ignore/requirements.txt b/src/test/resources/tst_manifests/pip/pip_requirements_txt_ignore/requirements.txt
index 923fd84f..b2d9e01f 100644
--- a/src/test/resources/tst_manifests/pip/pip_requirements_txt_ignore/requirements.txt
+++ b/src/test/resources/tst_manifests/pip/pip_requirements_txt_ignore/requirements.txt
@@ -3,7 +3,7 @@ asgiref==3.4.1
beautifulsoup4==4.12.2
certifi==2023.7.22
chardet==4.0.0
-click==8.0.4 #exhortignore
+click==8.0.4 #trustify-da-ignore
contextlib2==21.6.0
fastapi==0.75.1
Flask==2.0.3
@@ -14,7 +14,7 @@ importlib-metadata==4.8.3
itsdangerous==2.0.1
Jinja2==3.0.3
MarkupSafe==2.0.1
-pydantic==1.9.2 # exhortignore
+pydantic==1.9.2 # trustify-da-ignore
requests==2.25.1
six==1.16.0
sniffio==1.2.0
diff --git a/src/test/resources/tst_manifests/pnpm/deps_with_ignore/package.json b/src/test/resources/tst_manifests/pnpm/deps_with_ignore/package.json
index c70814f9..0adaa772 100644
--- a/src/test/resources/tst_manifests/pnpm/deps_with_ignore/package.json
+++ b/src/test/resources/tst_manifests/pnpm/deps_with_ignore/package.json
@@ -26,7 +26,7 @@
"axios": "^0.19.0",
"jsdom": "^19.0.0"
},
- "exhortignore": [
+ "trustify-da-ignore": [
"jsonwebtoken"
],
"packageManager": "pnpm@10.8.0+sha512.0e82714d1b5b43c74610193cb20734897c1d00de89d0e18420aebc5977fa13d780a9cb05734624e81ebd81cc876cd464794850641c48b9544326b5622ca29971"
diff --git a/src/test/resources/tst_manifests/yarn-berry/deps_with_ignore/package.json b/src/test/resources/tst_manifests/yarn-berry/deps_with_ignore/package.json
index 003db0f3..231448f8 100644
--- a/src/test/resources/tst_manifests/yarn-berry/deps_with_ignore/package.json
+++ b/src/test/resources/tst_manifests/yarn-berry/deps_with_ignore/package.json
@@ -26,7 +26,7 @@
"mongoose": "^5.9.18",
"nodemon": "^2.0.4"
},
- "exhortignore": [
+ "trustify-da-ignore": [
"jsonwebtoken"
],
"packageManager": "yarn@4.9.1"
diff --git a/src/test/resources/tst_manifests/yarn-classic/deps_with_ignore/package.json b/src/test/resources/tst_manifests/yarn-classic/deps_with_ignore/package.json
index 69239a26..4886dcc4 100644
--- a/src/test/resources/tst_manifests/yarn-classic/deps_with_ignore/package.json
+++ b/src/test/resources/tst_manifests/yarn-classic/deps_with_ignore/package.json
@@ -26,7 +26,7 @@
"axios": "^0.19.0",
"jsdom": "^19.0.0"
},
- "exhortignore": [
+ "trustify-da-ignore": [
"jsonwebtoken"
],
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"