fix: PURL handling for GitHub Actions
abhisek committed Nov 3, 2024
1 parent f5e7aa9 commit d7356d8
Showing 3 changed files with 13 additions and 2 deletions.
2 changes: 2 additions & 0 deletions pkg/common/purl/purl.go
Expand Up @@ -55,6 +55,8 @@ func purlBuildLockfilePackageName(ecosystem lockfile.Ecosystem, group, name stri
return fmt.Sprintf("%s/%s", group, name)
case lockfile.MavenEcosystem:
return fmt.Sprintf("%s:%s", group, name)
case models.EcosystemGitHubActions:
return fmt.Sprintf("%s/%s", group, name)
default:
return name
}
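Review bot: The new `case models.EcosystemGitHubActions:` branch formats `group/name` unconditionally, so a PURL that carries no namespace would produce a name with a leading slash (`/name`) instead of being rejected or passed through, and such a name would presumably match nothing in later advisory or policy lookups. Whether `group` can be empty depends on the caller, which is outside the hunk, as is the start of `purlBuildLockfilePackageName`; if it can, add a guard such as `if group == "" { return name }` before the `Sprintf`. The branch also repeats the body of the case directly above it, whose label is not visible here, so folding the two into one `case` list would keep them from drifting. A one-line comment like `// GitHub Actions are addressed as owner/repo` would record why the namespace is part of the name.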
9 changes: 9 additions & 0 deletions pkg/common/purl/purl_test.go
Expand Up @@ -5,6 +5,7 @@ import (
"testing"

"github.com/google/osv-scanner/pkg/lockfile"
"github.com/safedep/vet/pkg/models"
"github.com/stretchr/testify/assert"
)

Expand Down Expand Up @@ -41,6 +42,14 @@ func TestParsePackageUrl(t *testing.T) {
"",
errors.New("failed to map PURL type:unknown to known ecosystem"),
},
{
"Parse GitHub Actions PURL",
"pkg:actions/github/actions@v2",
lockfile.Ecosystem(models.EcosystemGitHubActions),
"github/actions",
"v2",
nil,
},
}

for _, test := range cases {
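Review bot: The added table entry covers only a two-segment action pinned to a tag (`pkg:actions/github/actions@v2`), so the inputs most likely to break the new name building are not exercised. I would add one case for an action that lives in a repository subdirectory, where the namespace itself contains a `/`, and one for a PURL with no namespace, each asserting the exact name or error expected. A case whose version is a full commit SHA rather than a tag would also pin that the version is carried through unchanged, which matters because SHA pinning is the recommended way to reference actions. The table's struct definition and the loop body are outside the visible hunks, so the field order has to be taken from the existing entries.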
4 changes: 2 additions & 2 deletions pkg/reporter/sync.go
Expand Up @@ -344,7 +344,7 @@ func (s *syncReporter) syncEvent(event *analyzer.AnalyzerEvent) error {
}

logger.Debugf("Report Sync: Publishing policy violation for package: %s/%s/%s/%s",
pkg.GetSpecEcosystem(), pkg.Manifest.GetDisplayPath(), pkg.GetName(), pkg.GetVersion())
pkg.Manifest.GetControlTowerSpecEcosystem(), pkg.Manifest.GetDisplayPath(), pkg.GetName(), pkg.GetVersion())

namespace := pkg.Manifest.GetSource().GetNamespace()
req := controltowerv1.PublishPolicyViolationRequest{
Expand Down Expand Up @@ -398,7 +398,7 @@ func (s *syncReporter) syncPackage(pkg *models.Package) error {
}

logger.Debugf("Report Sync: Publishing package insight for package: %s/%s/%s/%s",
pkg.GetSpecEcosystem(), pkg.Manifest.GetDisplayPath(), pkg.GetName(), pkg.GetVersion())
pkg.Manifest.GetControlTowerSpecEcosystem(), pkg.Manifest.GetDisplayPath(), pkg.GetName(), pkg.GetVersion())

namespace := pkg.Manifest.GetSource().GetNamespace()
req := controltowerv1.PublishPackageInsightRequest{
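Review bot: Both changed `logger.Debugf` calls, in `syncEvent` and in `syncPackage`, still join ecosystem, manifest path, name and version with `/` using `%s`, and with this commit GitHub Actions names are themselves `owner/repo`, so the line can no longer be split back into its four fields. Name, version and path presumably originate from scanned manifests, so I would label and quote them, e.g. `"Report Sync: Publishing package insight: ecosystem=%s manifest=%q name=%q version=%q"`, which also stops control characters in those values from breaking the log line. Both functions continue outside the hunks, so it is not visible whether the request built just below sends the same `GetControlTowerSpecEcosystem()` value; the log should print the value that is actually sent.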