Better osv-scanner fix --non-interactive output #1213

Closed
michaelkedar opened this issue Aug 29, 2024 · 1 comment · Fixed by #1437
Labels
  • backlog: Important but currently unprioritized
  • enhancement: New feature or request
  • guided remediation: Related to guided remediation / osv-scanner fix

Comments

@michaelkedar
Member

The current guided remediation terminal output was mostly just thrown together as the easiest way to output the bare minimum information needed for the sample scripted usage.

We should put more thought into how and what information it outputs. Some initial thoughts:

  • A better, machine-readable format, probably JSON
    • Option for other formats to match osv-scanner scan (i.e. a table format)?
  • What information is useful / possible to output? e.g.
  • Multiple output verbosity levels.
  • Better logging of the internals (with verbosity).
  • Separate logs & output on stdout/stderr like the scan action does

Open to suggestions

michaelkedar added the guided remediation, backlog and enhancement labels Aug 29, 2024
@oliverchang
Collaborator

@kovacsw

michaelkedar added a commit that referenced this issue Jan 6, 2025
Closes #1213
Adds `--format` flag to `osv-scanner fix --non-interactive` to choose
between old `text` and new `json` format, which provides a more
machine-readable description of the changes made by guided remediation.
The `text` format should remain unchanged.

Also, renamed the `relock` strategy to `relax` (though maintained
backwards-compatibility) to be a bit less ambiguous.

There are a few things that'll need to change with osv-scanner v2. In
particular, the way the reporter interface is being used. I'll need to
revisit this when those are refactored.