Skip to content

chore: bump go-application-framework for secrets report URL rendering#6740

Open
danskmt wants to merge 1 commit intomainfrom
chore/CLI-1429-bump-gaf-report-url-rendering
Open

chore: bump go-application-framework for secrets report URL rendering#6740
danskmt wants to merge 1 commit intomainfrom
chore/CLI-1429-bump-gaf-report-url-rendering

Conversation

@danskmt
Copy link
Copy Markdown
Contributor

@danskmt danskmt commented Apr 22, 2026
edited
Loading

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Bumps go-application-framework to pick up the UFM presenter changes that render the WebUI project page link when running snyk secrets test --report.

The updated GAF commit adds:

  • A conditional properties.uploadResult block in the SARIF template with reportUrl, emitted when metadata["project-page-link"] is present.
  • A "Report" footer in the human-readable template showing the project page URL.

Where should the reviewer start?

cliv2/go.mod — the GAF version bump is the only change.

How should this be manually tested?

Run: snyk secrets test . --report --sarif-file-output=results.sarif.json
However sarif output won't work at the current version as cli-extension-secrets is currently not allowing sarif flag: https://github.com/snyk/cli-extension-secrets/blob/2f8f499d3e73f870d6f11a0208f2dd5aae23162a/internal/commands/secretstest/validate.go#L85
Comment those lines and build a custom CLI, you'll see the generated SARIF contains the reportUrl field.

What are the relevant tickets?

CLI-1429

@danskmt danskmt requested review from a team as code owners April 22, 2026 10:35
@snyk-io
Copy link
Copy Markdown

snyk-io Bot commented Apr 22, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-pr-review-bot

This comment has been minimized.

Sign in to view
@danskmt danskmt mentioned this pull request Apr 22, 2026
Open
4 tasks
@danskmt danskmt force-pushed the chore/CLI-1429-bump-gaf-report-url-rendering branch from 92172da to 4d98ba9 Compare April 22, 2026 10:51
@snyk-pr-review-bot
Copy link
Copy Markdown

snyk-pr-review-bot Bot commented Apr 22, 2026

PR Reviewer Guide 🔍

🧪 No relevant tests
🔒 No security concerns identified
⚡ No major issues detected
📚 Repository Context Analyzed

This review considered 4 relevant code sections from 4 files (average relevance: 0.86)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@danskmt