

feat: replace "skip-git" with "include-git", making git repository sc…
…anning not the default

BREAKING CHANGE: don't scan git repositories by default, replacing "--skip-git" with "--include-git"
G-Rath committed Oct 24, 2024
1 parent e67449e commit c0265ae
Showing 8 changed files with 8 additions and 17 deletions.
1 change: 0 additions & 1 deletion .github/workflows/osv-scanner-reusable-pr.yml
Expand Up @@ -26,7 +26,6 @@ on:
type: string
default: |-
-r
--skip-git
./
results-file-name:
description: "File name of the result SARIF file"
1 change: 0 additions & 1 deletion .github/workflows/osv-scanner-reusable.yml
Expand Up @@ -26,7 +26,6 @@ on:
type: string
default: |-
-r
--skip-git
./
results-file-name:
description: "File name of the result SARIF file"
2 changes: 0 additions & 2 deletions .github/workflows/osv-scanner-unified-action.yml
Expand Up @@ -38,7 +38,6 @@ jobs:
with:
# Just scan the root directory and docs, since everything else is fixtures
scan-args: |-
--skip-git
./
./docs/
scan-pr:
Expand All @@ -52,6 +51,5 @@ jobs:
with:
# Just scan the root directory and docs, since everything else is fixtures
scan-args: |-
--skip-git
./
./docs/
1 change: 0 additions & 1 deletion .github/workflows/prerelease-check.yml
Expand Up @@ -27,7 +27,6 @@ jobs:
# Only scan the top level go.mod file without recursively scanning directories since
# this is pipeline is about releasing the go module and binary
scan-args: |-
--skip-git
./
format:
1 change: 0 additions & 1 deletion actions/scanner/action.yml
Expand Up @@ -5,7 +5,6 @@ inputs:
scan-args:
description: "Arguments to osv-scanner, separated by new line"
default: |-
--skip-git
--recursive
./
runs:
6 changes: 3 additions & 3 deletions cmd/osv-scanner/scan/main.go
Expand Up @@ -74,8 +74,8 @@ func Command(stdout, stderr io.Writer, r *reporter.Reporter) *cli.Command {
TakesFile: true,
},
&cli.BoolFlag{
Name: "skip-git",
Usage: "skip scanning git repositories",
Name: "include-git",
Usage: "include scanning git repositories",
Value: false,
},
&cli.BoolFlag{
Expand Down Expand Up @@ -226,7 +226,7 @@ func action(context *cli.Context, stdout, stderr io.Writer) (reporter.Reporter,
SBOMPaths: context.StringSlice("sbom"),
DockerContainerNames: context.StringSlice("docker"),
Recursive: context.Bool("recursive"),
SkipGit: context.Bool("skip-git"),
IncludeGit: context.Bool("include-git"),
NoIgnore: context.Bool("no-ignore"),
ConfigOverridePath: context.String("config"),
DirectoryPaths: context.Args().Slice(),
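Review bot: The `include-git` BoolFlag in the first hunk has a Usage string that says neither what git scanning adds nor that it is now off, and the old `skip-git` name is dropped outright rather than kept as a hidden deprecated alias, so existing invocations that still pass `--skip-git` will presumably fail at flag parsing with no migration hint. That hard failure is acceptable for a commit marked BREAKING CHANGE, but the help text is the one place users will look, so it should carry the migration: `Usage: "also scan git repositories for commit-based vulnerabilities (off by default; replaces the removed --skip-git flag)"`. The explicit `Value: false` is the zero value for a BoolFlag and so changes nothing, but it does document the new default; keep it with a short why-comment such as `// git scanning is opt-in; it is forced off again in offline mode`. The enclosing `Command` and `action` functions both start and end outside these hunks.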
3 changes: 0 additions & 3 deletions docs/github-action.md
Expand Up @@ -138,7 +138,6 @@ jobs:
# Only scan the top level go.mod file without recursively scanning directories since
# this is pipeline is about releasing the go module and binary
scan-args: |-
--skip-git
./
permissions:
# Require writing security events to upload SARIF file to security tab
Expand Down Expand Up @@ -167,7 +166,6 @@ The GitHub Actions have the following optional inputs:
Default:
```bash
--recursive # Recursively scan subdirectories
--skip-git=true # Skip commit scanning to focus on dependencies
./ # Start the scan from the root of the repository
```
- `results-file-name`: This is the name of the final SARIF file uploaded to Github.
Expand Down Expand Up @@ -202,7 +200,6 @@ jobs:
with:
scan-args: |-
--recursive
--skip-git=true
./
```

10 changes: 5 additions & 5 deletions pkg/osvscanner/osvscanner.go
Expand Up @@ -42,7 +42,7 @@ type ScannerActions struct {
DirectoryPaths []string
GitCommits []string
Recursive bool
SkipGit bool
IncludeGit bool
NoIgnore bool
DockerContainerNames []string
ConfigOverridePath string
Expand Down Expand Up @@ -114,7 +114,7 @@ const (
// - Any lockfiles with scanLockfile
// - Any SBOM files with scanSBOMFile
// - Any git repositories with scanGit
func scanDir(r reporter.Reporter, dir string, skipGit bool, recursive bool, useGitIgnore bool, compareOffline bool, transitiveAct TransitiveScanningActions) ([]scannedPackage, error) {
func scanDir(r reporter.Reporter, dir string, includeGit bool, recursive bool, useGitIgnore bool, compareOffline bool, transitiveAct TransitiveScanningActions) ([]scannedPackage, error) {
var ignoreMatcher *gitIgnoreMatcher
if useGitIgnore {
var err error
Expand Down Expand Up @@ -158,7 +158,7 @@ func scanDir(r reporter.Reporter, dir string, skipGit bool, recursive bool, useG
}
}

if !skipGit && info.IsDir() && info.Name() == ".git" {
if includeGit && info.IsDir() && info.Name() == ".git" {
pkgs, err := scanGit(r, filepath.Dir(path)+"/")
if err != nil {
r.Infof("scan failed for git repository, %s: %v\n", path, err)
Expand Down Expand Up @@ -857,7 +857,7 @@ func DoScan(actions ScannerActions, r reporter.Reporter) (models.VulnerabilityRe
}

if actions.CompareOffline {
actions.SkipGit = true
actions.IncludeGit = false

if len(actions.ScanLicensesAllowlist) > 0 || actions.ScanLicensesSummary {
return models.VulnerabilityResults{}, errors.New("cannot retrieve licenses locally")
Expand Down Expand Up @@ -932,7 +932,7 @@ func DoScan(actions ScannerActions, r reporter.Reporter) (models.VulnerabilityRe

for _, dir := range actions.DirectoryPaths {
r.Infof("Scanning dir %s\n", dir)
pkgs, err := scanDir(r, dir, actions.SkipGit, actions.Recursive, !actions.NoIgnore, actions.CompareOffline, actions.TransitiveScanningActions)
pkgs, err := scanDir(r, dir, actions.IncludeGit, actions.Recursive, !actions.NoIgnore, actions.CompareOffline, actions.TransitiveScanningActions)
if err != nil {
return models.VulnerabilityResults{}, err
}
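Review bot: In the `DoScan` hunk, `actions.IncludeGit = false` under `if actions.CompareOffline` silently discards a user's explicit `--include-git`; before this commit the same line merely reinforced a default, but now git scanning is opt-in, so an operator who deliberately asked for it in offline mode loses that coverage with no message, which is exactly the kind of quiet scope reduction a security scanner should surface. I would make the override visible using the reporter already in scope: `if actions.IncludeGit { r.Infof("git repositories cannot be scanned in offline mode; ignoring --include-git\n") }` placed immediately before the assignment (a warning-level method would be better if `reporter.Reporter` has one, which is not visible here). For the same reason the `scanDir` hunk could emit a verbose-level note when it encounters a `.git` directory with `includeGit` false, so that a scan which now skips repositories it previously covered is distinguishable from one that found none. Both `scanDir` and `DoScan` begin and end outside the visible hunks.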
