chore(ci) : Setup dependabot and fix security issues (fanal#228)

Co-authored-by: Teppei Fukuda <[email protected]>

.github/dependabot.yml

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+  - package-ecosystem: gomod
+    open-pull-requests-limit: 10
+    directory: /
+    schedule:
+      interval: daily

.github/workflows/test.yml

@@ -16,11 +16,10 @@ jobs:
       id: go
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v1 
+      uses: actions/checkout@v1
 
     - name: Install dependencies
       run: sudo apt-get update && sudo apt-get install libdb-dev
-
     - name: Run unit tests
       run: make test
 

analyzer/library/nuget/nuget_test.go

@@ -59,12 +59,14 @@ func Test_nugetibraryAnalyzer_Analyze(t *testing.T) {
 								Library: godeptypes.Library{
 									Name:    "Newtonsoft.Json",
 									Version: "12.0.3",
-								}},
+								},
+							},
 							{
 								Library: godeptypes.Library{
 									Name:    "NuGet.Frameworks",
 									Version: "5.7.0",
-								}},
+								},
+							},
 						},
 					},
 				},

config/scanner/scanner.go

@@ -13,10 +13,8 @@ import (
 	"github.com/aquasecurity/fanal/types"
 )
 
-var (
-	//go:embed detection.rego
-	defaultDetectionModule string
-)
+//go:embed detection.rego
+var defaultDetectionModule string
 
 type Scanner struct {
 	rootDir    string
@@ -167,7 +165,6 @@ func detectType(ctx context.Context, input interface{}) (string, error) {
 		rego.Query("x = data.config.type.detect"),
 		rego.Module("detection.rego", defaultDetectionModule),
 	).Eval(ctx)
-
 	if err != nil {
 		return "", xerrors.Errorf("rego eval error: %w", err)
 	}

go.mod

@@ -5,26 +5,24 @@ go 1.16
 require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0
-	github.com/Microsoft/hcsshim v0.8.14 // indirect
 	github.com/alicebob/miniredis/v2 v2.14.1
 	github.com/aquasecurity/go-dep-parser v0.0.0-20210802113332-f09967d68412
 	github.com/aquasecurity/testdocker v0.0.0-20210106133225-0b17fe083674
 	github.com/aquasecurity/tfsec v0.46.0
 	github.com/aws/aws-sdk-go v1.37.0
-	github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68 // indirect
-	github.com/containerd/containerd v1.4.3 // indirect
-	github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e // indirect
 	github.com/deckarep/golang-set v1.7.1
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/docker v20.10.3+incompatible
+	github.com/docker/docker v20.10.7+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/go-redis/redis/v8 v8.4.0
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/go-containerregistry v0.1.2
+	github.com/google/uuid v1.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-hclog v0.15.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/hcl v1.0.0
+	github.com/hashicorp/hcl/v2 v2.10.1 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpmdb v0.0.0-20201215100354-a9e3110d8ee1
@@ -35,10 +33,11 @@ require (
 	github.com/open-policy-agent/opa v0.25.2
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
+	github.com/owenrumney/squealer v0.2.28 // indirect
 	github.com/saracen/walker v0.0.0-20191201085201-324a081bae7e
 	github.com/sosedoff/gitkit v0.2.0
 	github.com/stretchr/testify v1.7.0
-	github.com/testcontainers/testcontainers-go v0.9.1-0.20210218153226-c8e070a2f18d
+	github.com/testcontainers/testcontainers-go v0.11.1
 	github.com/tmccombs/hcl2json v0.3.1
 	github.com/urfave/cli/v2 v2.3.0
 	go.etcd.io/bbolt v1.3.5