feat(cmd): add project and docker subcommands to scan #1519

Open: wants to merge 2 commits into base: main

hogo6002
Contributor

This change does not break any existing behaviour.

  • Creates project and docker subcommands for scan.
  • Inserts project as the default subcommand if none is provided.
  • Removes the experimental-oci-image flag and its tests.

For project scanning, users can use the following commands:

  • osv-scanner <file_name>
  • osv-scanner scan <file_name>
  • osv-scanner scan project <file_name>

For docker scanning, users can use the following commands:

  • osv-scanner scan docker <docker_image>
  • osv-scanner scan docker <docker_image.tar>


codecov-commenter commented Jan 21, 2025

Codecov Report

Attention: Patch coverage is 57.23906% with 127 lines in your changes missing coverage. Please review.

Project coverage is 68.81%. Comparing base (33c8a7a) to head (7b468ee).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| cmd/osv-scanner/scan/project/main.go | 66.45% | 40 Missing and 14 partials ⚠️ |
| cmd/osv-scanner/scan/docker/main.go | 48.75% | 33 Missing and 8 partials ⚠️ |
| cmd/osv-scanner/scan/helper/helper.go | 0.00% | 28 Missing ⚠️ |
| cmd/osv-scanner/main.go | 80.95% | 3 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1519      +/-   ##
==========================================
- Coverage   68.98%   68.81%   -0.18%     
==========================================
  Files         197      200       +3     
  Lines       18800    18891      +91     
==========================================
+ Hits        12970    13000      +30     
- Misses       5127     5171      +44     
- Partials      703      720      +17     


exit: 127,
},
// TODO: How to prevent these snapshots from changing constantly
{
name: "Real empty image",
args: []string{"", "--docker", "hello-world"},
args: []string{"", "scan", "docker", "hello-world"},
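Review bot: the "Real empty image" case refers to hello-world by name with no tag or digest, which bears on the TODO two lines above it about snapshots changing constantly. Pinning the image by digest (hello-world@sha256:<digest>) or scanning a checked-in tarball through the scan docker <docker_image.tar> form would keep the snapshot stable and stop the test from depending on what the registry serves at run time. It would also help to add a case showing what the previous "--docker", "hello-world" invocation does after this change, since the line that exercised it is replaced here.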
Collaborator

What if someone passes osv-scanner scan docker where docker is a valid directory? Similarly for osv-scanner scan project.

Do we need to handle that in a special way, with a warning printed to users?
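
One way to handle the ambiguity raised in the comment above, together with the default-subcommand insertion from the PR description (an added illustration, not code from this PR). normalizeArgs and its warning text are hypothetical; the subcommand names are those shown in the PR, and flags placed before the subcommand are not handled.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Values as shown in the PR; everything else in this file is hypothetical.
const DefaultSubcommand = "project"

var Subcommands = []string{DefaultSubcommand, "docker"}

func isSubcommand(s string) bool {
	for _, name := range Subcommands {
		if s == name {
			return true
		}
	}
	return false
}

// normalizeArgs makes "scan" and its subcommand explicit for the arguments
// that follow the binary name. It returns a warning when the token taken as a
// subcommand is also an existing path under dir, because the user may have
// meant to scan that path.
func normalizeArgs(args []string, dir string) (out, warnings []string) {
	rest := args
	if len(rest) > 0 && rest[0] == "scan" {
		rest = rest[1:]
	}
	if len(rest) == 0 || !isSubcommand(rest[0]) {
		// No subcommand given: insert the default one.
		return append([]string{"scan", DefaultSubcommand}, rest...), nil
	}
	// The subcommand reading wins; report the collision with a path.
	if _, err := os.Stat(filepath.Join(dir, rest[0])); err == nil {
		warnings = append(warnings, fmt.Sprintf(
			"%q is treated as a subcommand, but a path with that name exists; use ./%s to scan it",
			rest[0], rest[0]))
	}
	return append([]string{"scan"}, rest...), warnings
}

func main() {
	out, warnings := normalizeArgs(os.Args[1:], ".")
	for _, w := range warnings {
		fmt.Fprintln(os.Stderr, "warning:", w)
	}
	fmt.Println(out)
}
```

Writing the path as ./docker keeps it out of the subcommand list, so it falls through to the default subcommand without a warning.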


const DefaultSubcommand = projectSubCommand

var Subcommands = []string{projectSubCommand, "docker"}
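Review bot: in Subcommands the second entry is the bare literal "docker" while the first uses the projectSubCommand constant; a matching constant for the docker name would give the command definition and this list a single source, which keeps a later rename to one line. Subcommands is also an exported, mutable slice, and it is presumably what gets consulted when deciding whether to insert DefaultSubcommand, so consider keeping it unexported or exposing a lookup function instead, and add doc comments to both exported identifiers.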
Collaborator

@oliverchang oliverchang Jan 22, 2025

To future-proof this, should we instead make this "osv-scanner scan container" as opposed to docker?

"experimental-licenses-summary": "false",
// "experimental-licenses": "", // StringSliceFlag has to be manually cleared.
}
const projectSubCommand = "project"
Collaborator

"project" seems a bit ambiguous. How about "source", to distinguish this as a scanner for source context (i.e. scanning manifests etc.)?
