analyze method

Future<void> analyze(
  PubspecLock pubspecLock,
  bool onlyDirectDependencies
)

Implementation

/// Submits the hosted packages of [pubspecLock] to the Checkmarx client and
/// throws when any returned result carries a non-empty `risks` list.
///
/// Only lock entries whose `source` is [PackageSource.hosted] are submitted;
/// git and path dependencies are not scanned at all, so a finding in one of
/// them cannot surface here. When [onlyDirectDependencies] is true, entries
/// whose `dependency` field is `'transitive'` are excluded as well.
///
/// Results whose `status` is `'PENDING'` are only passed to
/// [_verboseLogInStdout]; they never fail the run. NOTE(review): a package
/// whose scan has not finished therefore passes silently — confirm that this
/// is the intended outcome for a security gate.
///
/// Throws an [Exception] stating how many packages had risks reported.
Future<void> analyze(PubspecLock pubspecLock, bool onlyDirectDependencies) async {
  // Build the scan request from the lock file in one pass; the transitive
  // filter is a no-op unless the caller asked for direct dependencies only.
  final toScan = <PackageInfo>[
    for (final entry in pubspecLock.packages.entries)
      if (entry.value.source == PackageSource.hosted &&
          (!onlyDirectDependencies || entry.value.dependency != 'transitive'))
        PackageInfo(
          name: entry.key,
          type: RepositoryType.pub,
          version: entry.value.version.toString(),
        ),
  ];

  final results = await _checkmarxClient.scan(toScan);

  final pending = [
    for (final result in results)
      if (result.status == 'PENDING') result,
  ];
  final vulnerable = [
    for (final result in results)
      if (result.risks.isNotEmpty) result,
  ];

  // Log before deciding, so the verbose output is available even when the
  // run is about to fail.
  _verboseLogInStdout(results, pending, vulnerable);
  if (vulnerable.isEmpty) return;
  throw Exception('${vulnerable.length} Vulnerable packages found');
}