feat: replace "skip-git" with "include-git", making git repository scanning not the default #1311

Open
wants to merge 3 commits into
base: v2

G-Rath
Collaborator

@G-Rath G-Rath commented Oct 8, 2024

BREAKING CHANGE: don't scan git repositories by default, replacing "--skip-git" with "--include-git"

I've gone with renaming the property so it aligns with being false by default, though we could keep the existing property if we really wanted; likewise, I've also changed this for both the API and CLI as I think it makes sense to have them aligned even though we could technically have them different.

Resolves #1277

(also, I think the fact that we use --skip-git in our workflows is another good sign it should be disabled by default 😅)

@G-Rath G-Rath added the V2 Wishlist Enhancements that require a breaking change label Oct 8, 2024
@codecov-commenter

codecov-commenter commented Oct 8, 2024

Codecov Report

Attention: Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 68.43%. Comparing base (e054385) to head (c1409f3).

Files with missing lines Patch % Lines
pkg/osvscanner/osvscanner.go 75.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1311   +/-   ##
=======================================
  Coverage   68.43%   68.43%           
=======================================
  Files         183      183           
  Lines       17606    17606           
=======================================
  Hits        12049    12049           
  Misses       4895     4895           
  Partials      662      662           


@G-Rath G-Rath added the enhancement New feature or request label Oct 8, 2024
… our osv-scanner.toml in fixtures (google#1337)

Uses the new feature landed in google#1214
…ncy resolution (google#1331)

Part of google#1330 

No functional change is made compared to the version in
`internal/manifest`, just switched to use the osv-scalibr interface.

Extractors moved to lockfilescalibr as a temporary staging ground before
moving to osv-scalibr.
@another-rex
Collaborator

Can you update the target to the v2 branch?

@G-Rath G-Rath changed the base branch from main to v2 October 24, 2024 04:23
…anning not the default

BREAKING CHANGE: don't scan git repositories by default, replacing "--skip-git" with "--include-git"
@G-Rath G-Rath marked this pull request as ready for review November 4, 2024 19:03
@oliverchang
Collaborator

@G-Rath can you update this to only not scan the base repository per #1277 ?

@G-Rath
Collaborator Author

G-Rath commented Dec 1, 2024

@oliverchang given we don't have any tests for this area of the scanner and the conflicts with the v2 branch, it might be better if someone else on the team who's more familiar with the C/C++ stuff takes this up, if that's possible

Labels
enhancement New feature or request V2 Wishlist Enhancements that require a breaking change
Development

Successfully merging this pull request may close these issues.

Consider making "skip git" the default in v2
4 participants