Tags: open-policy-agent/conftest
build(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#1175)

* build(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* fix: Update "conftest verify --report" tests

Upstream OPA changed the behavior of the trace functionality, so the output is slightly different. This does not change the overall behavior of conftest.

Signed-off-by: James Alseth <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: James Alseth <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Alseth <[email protected]>

build(deps): bump github.com/open-policy-agent/opa from 1.5.1 to 1.6.0 (#1149)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.5.1 to 1.6.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.5.1...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Switch back to original `conftest test --update` behavior (#1138)

* fix: Switch back to original --update behavior

In conftest v0.61.0 the behavior of --update changed in order to fetch the policy URLs and store them in a temporary directory. It broke the previous behavior that updated the current policy directory and instead aggregated the current policy (under `policy`) with the one(s) used in `--update`. It also broke the behavior of a project that had no existing `policy`.

This reverts commit ed0ff0a.

Fixes #1136.

Signed-off-by: Leonardo Taccari <[email protected]>

* test: Test conftest test --update behavior

Add an acceptance test in order to ensure that:
- conftest test --update creates/populates the policy directory
- conftest test --update updates the policy directory with the new policies that are fetched remotely

Fixes #1136.

---------

Signed-off-by: Leonardo Taccari <[email protected]>

build(deps): bump github.com/open-policy-agent/opa from 1.5.0 to 1.5.1 (#1137)

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](open-policy-agent/opa@v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

build(deps): bump github.com/google/go-jsonnet from 0.20.0 to 0.21.0 (#1120)

Bumps [github.com/google/go-jsonnet](https://github.com/google/go-jsonnet) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/google/go-jsonnet/releases)
- [Changelog](https://github.com/google/go-jsonnet/blob/master/.goreleaser.yml)
- [Commits](google/go-jsonnet@v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-jsonnet
  dependency-version: 0.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

feat: Implement SARIF output (#1042)

* feat: add SARIF output format support

Add Static Analysis Results Interchange Format (SARIF) v2.1.0 output support to conftest. SARIF is a standard JSON format for static analysis tools.

- SARIF v2.1.0 schema compliance
- Includes file locations and rule metadata
- Tracks execution timing and status
- Test coverage
- Documentation

Signed-off-by: Ville Vesilehto <[email protected]>

* feat(output): implement SARIF output using go-sarif library

Add Static Analysis Results Interchange Format (SARIF) v2.1.0 output support using the go-sarif library. This provides a standard JSON format for static analysis results with proper schema compliance.

Key changes:
- Use go-sarif/v2 library instead of custom implementation
- Support all result types (failures, warnings, exceptions, successes)
- Add comprehensive test coverage with JSON comparison
- Document new output format in options.md

The SARIF output includes:
- File locations and rule metadata
- Proper result levels (error/warning/note/none)
- Execution status and exit codes
- Rule properties from result metadata

Signed-off-by: Ville Vesilehto <[email protected]>

* refactor: address pr comments

- refactor: remove getRuleIndex
  Use direct map lookups instead
- refactor: succinct map lookups
  Map lookup with a fallback
- refactor: move result type logic to addResult func
  Cleaner code, while not really idiomatic due to go-sarif library design.
- fix: treat exceptions as success
  A file with only exceptions will be treated as a success. Exceptions will still be logged (with level "note") for visibility. The exit code will be 0 (success) when there are only exceptions.
- refactor: simplify hasFailures and hasWarnings
  Risk of typo is too high
- refactor: treat exceptions as successes in SARIF output
  Exceptions are now treated as successes in the SARIF output, removing the separate exception handling.
- test: type safe test input for SARIF
  Probably helps writing further test cases, instead of bare JSON
- refactor: use google/go-cmp for json diff
  Based on PR comment

Signed-off-by: Ville Vesilehto <[email protected]>

---------

Signed-off-by: Ville Vesilehto <[email protected]>

build(deps): bump golang from 1.23.1-alpine to 1.23.2-alpine (#1012)

Bumps golang from 1.23.1-alpine to 1.23.2-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>