fix: Support osv-scanner-custom.json as a scannable file type (#2174) #2177
Conversation
another-rex
left a comment
Looks great!
Can you please also copy cmd/osv-scanner/scan/source/fixtures/locks-insecure/osv-scanner.json to cmd/osv-scanner/scan/source/fixtures/locks-insecure/osv-scanner-custom.json, and then update all snapshots?
This way we have a test for the filename scan working.
As for the docs, just rename the osv-scanner.json file section
| Once you extracted your own dependency information, place it in a `osv-scanner.json` file, with the same format as the JSON output of osv-scanner, e.g.: |
internal/scalibrplugin/resolve.go
Outdated
| "github.com/google/osv-scanner/v2/internal/scalibrextract/language/javascript/nodemodules" | ||
| "github.com/google/osv-scanner/v2/internal/scalibrextract/language/python/requirementsenhancable" | ||
| "github.com/google/osv-scanner/v2/internal/scalibrextract/vcs/gitrepo" | ||
| "github.com/google/osv-scanner/v2/internal/scalibrextract/language/osv/osvscannerjson" |
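Review bot: the added import on the last line breaks the ordering of this import group: `.../language/osv/osvscannerjson` sorts after `.../language/javascript/nodemodules` and before `.../language/python/requirementsenhancable`, with `.../vcs/gitrepo` staying last; gofmt or the repo's lint script will reorder the block, so run it before pushing rather than fixing by hand.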
The imports don't seem formatted/ordered correctly here.
I also updated the order, but there are still some issues with the lint script. Since this custom file is not part of the Scalibr package, I wasn't able to resolve them. Could you please take a look? Also, please check if the documentation is sufficient.
internal/scalibrplugin/resolve.go
Outdated
| return vendored.New(), nil | ||
| case gitrepo.Name: | ||
| return gitrepo.New(), nil | ||
| case "osv/osvscannerjson": |
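Review bot: `case "osv/osvscannerjson":` uses a string literal where the neighbouring cases use the extractor's exported constant (`case gitrepo.Name:`); use `osvscannerjson.Name` so that a rename of the extractor fails at compile time instead of silently never matching.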
| case "osv/osvscannerjson": | |
| case osvscannerjson.Name: |
| osv-scanner --lockfile osv-scanner:/path/to/osv-scanner.json | ||
| ``` | ||
|
|
||
| For automatic scan detection, you can create an osv-scanner-custom.json file using the same procedure described above for osv-scanner.json. |
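Review bot: the added docs sentence should state that the file is only picked up by its basename during a recursive (`-r`) scan and that the name must be exactly `osv-scanner-custom.json`; "the same procedure described above" otherwise reads as if the `--lockfile osv-scanner:` prefix shown just above is still required for the custom file.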
| For automatic scan detection, you can create an osv-scanner-custom.json file using the same procedure described above for osv-scanner.json. | |
| For automatic scan detection, you can create an `osv-scanner-custom.json` file using the same procedure described above for `osv-scanner.json`. |
@kuscar it looks like the remaining linting issues are with You'll also need to run
Thank you, that was insanely fast. Please let me know if there's anything else I can improve.
Codecov Report: ❌ Patch coverage is

```
@@ Coverage Diff @@
##             main    #2177      +/-   ##
==========================================
- Coverage   67.49%   67.37%   -0.12%
==========================================
  Files         170      170
  Lines       16328    16357      +29
==========================================
  Hits        11020    11020
- Misses       4623     4634      +11
- Partials      685      703      +18
```

View full report in Codecov by Sentry.

Known limitation with this current fix: it will fail for the
michaelkedar
left a comment
LGTM
We might want to document this limitation somewhere in the docs
Added support for recognizing osv-scanner-custom.json with the -r option. I wasn't sure if `"osv-scanner-custom.json": {osvscannerjson.Name},` also needs to be added to lockfile.go, since it seems to work without it. Please review and advise on any improvements. I will update the snapshots after.
Do I also need to update the webpage that lists supported files?
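To make the two detection paths discussed in this thread concrete, here is an added, self-contained Go example that is not osv-scanner's own code: it models a `Name` constant for the extractor (the convention the review asks for instead of a string literal), a basename table with the single `osv-scanner-custom.json` entry, the explicit `--lockfile osv-scanner:/path` prefix form from the docs, and a parser for a constructed custom file. The constant value, the table, the `results[].packages[].package{name,version,ecosystem}` JSON shape and the sample file are all assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// OSVScannerJSONName stands in for the extractor's exported Name constant;
// the value is assumed for this example.
const OSVScannerJSONName = "osv/osvscannerjson"

// filenameExtractors is the basename -> extractor table consulted during a
// recursive (-r) scan. Only the custom filename is registered, mirroring the
// lockfile.go entry discussed in the PR; the table itself is constructed.
var filenameExtractors = map[string][]string{
	"osv-scanner-custom.json": {OSVScannerJSONName},
}

// explicitExtractors maps the prefix of a `--lockfile <prefix>:<path>`
// argument to an extractor, the explicit form the docs show for osv-scanner.json.
var explicitExtractors = map[string]string{
	"osv-scanner": OSVScannerJSONName,
}

// ResolveLockfile returns (extractor, path) for a --lockfile argument:
// an explicit "osv-scanner:/path" prefix wins, otherwise the basename decides.
func ResolveLockfile(arg string) (string, string, error) {
	if prefix, path, ok := strings.Cut(arg, ":"); ok {
		if ext, known := explicitExtractors[prefix]; known {
			return ext, path, nil
		}
	}
	exts, err := ResolveByFilename(arg)
	if err != nil {
		return "", "", err
	}
	return exts[0], arg, nil
}

// ResolveByFilename is the automatic-detection path: it looks only at the
// basename, so the file must be named exactly osv-scanner-custom.json.
func ResolveByFilename(path string) ([]string, error) {
	base := filepath.Base(path)
	exts, ok := filenameExtractors[base]
	if !ok {
		return nil, fmt.Errorf("no extractor registered for %q", base)
	}
	return exts, nil
}

// Package is the subset of a result entry the extractor needs.
type Package struct {
	Name      string `json:"name"`
	Version   string `json:"version"`
	Ecosystem string `json:"ecosystem"`
}

// customFile models the osv-scanner JSON output shape this example assumes.
type customFile struct {
	Results []struct {
		Packages []struct {
			Package Package `json:"package"`
		} `json:"packages"`
	} `json:"results"`
}

// ExtractPackages parses a custom file and rejects entries that could never be
// matched against OSV (missing name or ecosystem) rather than silently skipping them.
func ExtractPackages(data []byte) ([]Package, error) {
	var f customFile
	if err := json.Unmarshal(data, &f); err != nil {
		return nil, fmt.Errorf("parsing osv-scanner JSON: %w", err)
	}
	var pkgs []Package
	for _, r := range f.Results {
		for _, p := range r.Packages {
			if p.Package.Name == "" || p.Package.Ecosystem == "" {
				return nil, fmt.Errorf("package entry missing name or ecosystem: %+v", p.Package)
			}
			pkgs = append(pkgs, p.Package)
		}
	}
	return pkgs, nil
}

// SampleCustomJSON is a constructed osv-scanner-custom.json body.
const SampleCustomJSON = `{
  "results": [{
    "source": {"path": "/constructed/osv-scanner-custom.json", "type": "lockfile"},
    "packages": [
      {"package": {"name": "lodash", "version": "4.17.20", "ecosystem": "npm"}},
      {"package": {"name": "requests", "version": "2.25.0", "ecosystem": "PyPI"}}
    ]
  }]
}`

func main() {
	ext, path, _ := ResolveLockfile("osv-scanner:/tmp/osv-scanner.json")
	fmt.Println(ext, path)
	pkgs, err := ExtractPackages([]byte(SampleCustomJSON))
	fmt.Println(len(pkgs), err)
}
```

Both `ResolveLockfile` calls in `main` end up at the same extractor name, which is the point of the PR: the explicit prefix and the custom basename are two routes to one parser, and keeping the constant in one place means the `case` in the resolver and the entry in the filename table cannot drift apart.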