Skip to content

Adds skip snippet and scanoss setting feature #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Dec 10, 2024
Merged

Adds skip snippet and scanoss setting feature #28

merged 14 commits into from
Dec 10, 2024

Conversation

agustingroh
Copy link
Collaborator

What

  • Adds skip snippet flag
  • Refactor on Policies
  • Adds scanoss settings (Export undeclared results as scanoss settings when scanossSettings flag is enabled)
  • Upgrades scanoss-py version to v1.18.0
  • Adds integration tests

@agustingroh agustingroh requested a review from eeisegn November 15, 2024 12:59
@agustingroh agustingroh self-assigned this Nov 15, 2024
@agustingroh agustingroh force-pushed the feat/groh/Add-skip-snippet-flag branch from d8d3e3b to b4b18a1 Compare November 15, 2024 14:23
matiasdaloia
matiasdaloia reviewed Nov 15, 2024
View reviewed changes
codescantask/app.input.ts
export const RUNTIME_CONTAINER = tl.getInput('runtimeContainer') || "ghcr.io/scanoss/scanoss-py:v1.18.0";
export const SKIP_SNIPPETS = tl.getInput('skipSnippets') === 'true';
export const SCAN_FILES = tl.getInput('scanFiles') === 'true';
export const SCANOSS_SETTINGS = tl.getInput('scanossSettings') === 'true';
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here maybe we should do a check for the RUNTIME_CONTAINER

We should only allow to pass SCANOSS_SETTINGS and SETTINGS_FILE_PATH if the scanoss.py version supports it

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Every Azure task has pingued an scanoss-py version. We shouldn´t have to check for the RUNTIME_CONTAINER

codescantask/policies/undeclared-policy-check.ts
private buildArgs(): Array<string> {
return ['run', '-v', `${REPO_DIR}:/scanoss`, RUNTIME_CONTAINER, 'inspect', 'undeclared', '--input',
OUTPUT_FILEPATH, '--format', 'md',
...(!SCANOSS_SETTINGS ? ['--sbom-format', 'legacy']: []) // Sets sbom format output to legacy if SCANOSS_SETTINGS is not true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if default SBOM_FILEPATH does not exists and SCANOSS_SETTINGS is false? We should pass --sbom-format anyways?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the SBOM_FILEPATH has a default value set. If the file is not found and the SCANOSS_SETTINGS is set to false, we use the legacy sbom format

@agustingroh agustingroh force-pushed the feat/groh/Add-skip-snippet-flag branch from 258488b to 63ca94c Compare December 10, 2024 14:21
@agustingroh agustingroh merged commit 90116c0 into main Dec 10, 2024
1 check passed
@agustingroh agustingroh deleted the feat/groh/Add-skip-snippet-flag branch December 10, 2024 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eeisegn eeisegn eeisegn approved these changes

@matiasdaloia matiasdaloia Awaiting requested review from matiasdaloia

Assignees

@agustingroh agustingroh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@agustingroh @eeisegn @matiasdaloia