Merge branch 'main' into action-docs
Hayley Denbraver authored Sep 19, 2023
2 parents b8aabe0 + a659b3b commit ce9f126
Showing 16 changed files with 129 additions and 86 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/codeql-analysis.yml
Expand Up @@ -40,7 +40,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
10 changes: 5 additions & 5 deletions .github/workflows/goreleaser.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
fetch-depth: 0
- name: Set up Go
Expand All @@ -33,17 +33,17 @@ jobs:
uses: ./.github/workflows/test-action
- name: Run Lints
uses: ./.github/workflows/lint-action
- uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
- uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
- name: ghcr-login
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
id: run-goreleaser
uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
with:
version: latest
args: release --rm-dist
2 changes: 1 addition & 1 deletion .github/workflows/lint.yaml
Expand Up @@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
persist-credentials: false
fetch-depth: 0
5 changes: 2 additions & 3 deletions .github/workflows/osv-scanner-pr.yml
Expand Up @@ -12,11 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: osv-scanner
name: OSV-Scanner PR Scan

on:
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
merge_group:
branches: [ main ]
Expand All @@ -25,5 +24,5 @@ on:
permissions: read-all

jobs:
scan-pr-attempt:
scan-pr:
uses: "./.github/workflows/osv-scanner-reusable-pr.yml"
31 changes: 19 additions & 12 deletions .github/workflows/osv-scanner-reusable-pr.yml
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: OSV-Scanner PR scanning
name: OSV-Scanner PR scanning reusable

on:
workflow_call:
Expand All @@ -21,7 +21,7 @@ jobs:
scan-pr:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Do persist credentials, as we need it for the git checkout later
Expand All @@ -31,25 +31,32 @@ jobs:
uses: google/osv-scanner/actions/scanner@main
continue-on-error: true
with:
results-format: json
results-file: old-results.json
to-scan: .
scan-args: |-
--format=json
--output=old-results.json
-r
--skip-git
./
- name: "Checkout current branch"
run: git checkout $GITHUB_SHA
- name: "Run scanner on new code"
uses: google/osv-scanner/actions/scanner@main
with:
results-format: json
results-file: new-results.json
to-scan: .
scan-args: |-
--format=json
--output=new-results.json
-r
--skip-git
./
continue-on-error: true
- name: "Run osv-scanner-reporter"
uses: google/osv-scanner/actions/reporter@main
with:
output-sarif-file: final-results.sarif
old-results: old-results.json
new-results: new-results.json
gh-annotations: true
scan-args: |-
--output=final-results.sarif
--old=old-results.json
--new=new-results.json
--gh-annotations=true
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
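Review bot: The new checkout line `- uses: actions/checkout@v4` pins only a mutable tag, while every other workflow in this commit pins the same action by full commit SHA (`uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0`); the same applies to the new checkout line in osv-scanner-reusable-scheduled.yml. A tag can be moved after the fact, so the scan job's supply chain is weaker than the rest of the repository's for no visible reason. If the tag form is deliberate because these are reusable workflows meant to be copied by consumers, say so in a comment above the line (`# Tag rather than SHA so consumers pick up checkout patches; pin to a SHA if you copy this`); otherwise use the same SHA-pinned line as the other workflows. The scan-pr job continues past the end of this hunk.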
14 changes: 8 additions & 6 deletions .github/workflows/osv-scanner-reusable-scheduled.yml
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: OSV-Scanner Scheduled scanning
name: OSV-Scanner scheduled scan reusable

on:
workflow_call:
Expand All @@ -21,14 +21,16 @@ jobs:
scan-scheduled:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: "Run scanner"
uses: google/osv-scanner/actions/scanner@main
with:
results-format: sarif
results-file: results.sarif
to-scan: .
recursive-scan: true
scan-args: |-
--output=results.sarif
--format=sarif
-r
--skip-git
./
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
5 changes: 3 additions & 2 deletions .github/workflows/osv-scanner-scheduled.yml
Expand Up @@ -12,17 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: osv-scanner
name: OSV-Scanner Scheduled Scan

on:
schedule:
- cron: '12 12 * * 1'
push:
branches: [ "main" ]

# Declare default permissions as read only.
permissions:
# Require writing security events to upload SARIF file to security tab
security-events: write
# Only need to read contents
contents: read

jobs:
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
Expand Up @@ -32,7 +32,7 @@ jobs:

steps:
- name: "Checkout code"
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
persist-credentials: false

2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Expand Up @@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
with:
persist-credentials: false
fetch-depth: 0
19 changes: 3 additions & 16 deletions actions/reporter/action.yml
Expand Up @@ -2,25 +2,12 @@
name: 'osv-scanner-reporter'
description: 'Specialized reporting of scanner results for github actions'
inputs:
output-sarif-file:
description: 'Output SARIF file path'
required: true
gh-annotations:
description: 'Whether to print github annotations'
default: false
old-results:
description: 'Old results to get the difference against'
required: false
default: ""
new-results:
description: 'New results to get the difference against'
scan-args:
description: 'Arguments to osv-scanner, separated by new line'
required: true
runs:
using: 'docker'
image: '../../action.dockerfile'
entrypoint: /root/osv-reporter
args:
- '--output=${{ inputs.output-sarif-file }}'
- '--old=${{ inputs.old-results }}'
- '--new=${{ inputs.new-results }}'
- '--gh-annotations=${{ inputs.gh-annotations }}'
- '${{ inputs.scan-args }}'
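Review bot: The new input description `description: 'Arguments to osv-scanner, separated by new line'` is wrong for this action, whose entrypoint is `/root/osv-reporter`; it reads as copied from the scanner action. Suggest `description: 'Arguments to osv-reporter, one per line (passed as a single argument and split on newlines by the binary)'`, since the `args:` list hands the whole block to the container as one argv entry and callers must use a `|-` block scalar to get the intended splitting. The removed inputs (`output-sarif-file`, `gh-annotations`, `old-results`, `new-results`) were the action's public interface, so a line in the description or README noting the replacement flags would help consumers migrating.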
25 changes: 7 additions & 18 deletions actions/scanner/action.yml
Expand Up @@ -2,25 +2,14 @@
name: 'osv-scanner'
description: 'Scans your directory against the OSV database (Experimental)'
inputs:
to-scan:
description: 'Directories to scan'
default: "./"
results-file:
description: 'Output path'
required: true
results-format:
description: 'Output result format'
default: 'sarif'
recursive-scan:
description: 'Recursively scan though subdirectories'
required: false
default: true
scan-args:
description: 'Arguments to osv-scanner, separated by new line'
default: |-
--skip-git
--recursive
./
runs:
using: 'docker'
image: '../../action.dockerfile'
args:
- '--skip-git'
- '--output=${{ inputs.results-file }}'
- '--format=${{ inputs.results-format }}'
- '--recursive=${{ inputs.recursive-scan }}'
- ${{ inputs.to-scan }}
- ${{ inputs.scan-args }}
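Review bot: The new `- ${{ inputs.scan-args }}` is an unquoted templated scalar, whereas the parallel change in actions/reporter/action.yml writes it as `- '${{ inputs.scan-args }}'`; quoting it here keeps the two actions consistent and protects the list entry if the expansion is ever empty or starts with a YAML indicator. The `description: 'Arguments to osv-scanner, separated by new line'` should also state that the value reaches the binary as one argument and is split on newlines there, so that users know a `|-` block is required rather than a space-separated string. The scanner binary's side of that split is not in this page, so I cannot confirm it mirrors the reporter's splitLastArg.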
17 changes: 16 additions & 1 deletion cmd/osv-reporter/main.go
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"io"
"os"
"strings"

"github.com/google/osv-scanner/internal/ci"
"github.com/google/osv-scanner/pkg/models"
Expand All @@ -16,14 +17,28 @@ import (

var (
// Update this variable when doing a release
version = "1.3.5"
version = "1.4.0"
commit = "n/a"
date = "n/a"
)

// splitLastArg splits the last argument by new lines and appends the split
// elements onto args and returns it
func splitLastArg(args []string) []string {
lastArg := args[len(args)-1]
lastArgSplits := strings.Split(lastArg, "\n")
args = append(args[:len(args)-1], lastArgSplits...)

return args
}

func run(args []string, stdout, stderr io.Writer) int {
var tableReporter reporter.Reporter

// Allow multiple arguments to be defined by github actions by splitting the last argument
// by new lines.
args = splitLastArg(args)

cli.VersionPrinter = func(ctx *cli.Context) {
// Use the app Writer and ErrWriter since they will be the writers to keep parallel tests consistent
tableReporter = reporter.NewTableReporter(ctx.App.Writer, ctx.App.ErrWriter, false, 0)
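Review bot: splitLastArg indexes `args[len(args)-1]` with no length check, so an empty slice panics before the CLI can report a usage error; add `if len(args) == 0 { return args }` at the top. A last argument written with a `|` block scalar (trailing newline) or with CRLF endings yields a trailing empty string or `\r`-suffixed flags after `strings.Split`, so `lastArg := strings.TrimRight(args[len(args)-1], "\r\n")` before the split would be safer. Note also that `append(args[:len(args)-1], ...)` writes into the caller's backing array, which is harmless here but worth a comment since `run` is called with `os.Args` elsewhere; `run` continues past the end of this hunk.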
40 changes: 40 additions & 0 deletions cmd/osv-reporter/main_test.go
@@ -0,0 +1,40 @@
package main

import (
"reflect"
"testing"
)

func Test_splitLastArg(t *testing.T) {
t.Parallel()

tests := []struct {
name string
args []string
want []string
}{
{
args: []string{
"--test1",
"--test2",
"--test3\n--test4\n--test5",
},
want: []string{
"--test1",
"--test2",
"--test3",
"--test4",
"--test5",
},
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
if got := splitLastArg(tt.args); !reflect.DeepEqual(got, tt.want) {
t.Errorf("splitLastArg() = %v, want %v", got, tt.want)
}
})
}
}
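Review bot: The single table entry sets no `name`, so `t.Run(tt.name, ...)` runs it under an empty subtest name; add `name: "multi-line last arg",` so failures are identifiable. The table covers only the happy path; cases for a one-element slice, a last argument with no newline, and a last argument ending in a newline would pin the behaviour that action.yml callers depend on.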
12 changes: 7 additions & 5 deletions go.mod
Expand Up @@ -5,13 +5,13 @@ go 1.19
require (
github.com/BurntSushi/toml v1.3.2
github.com/CycloneDX/cyclonedx-go v0.7.2
github.com/go-git/go-billy/v5 v5.4.1
github.com/go-git/go-git/v5 v5.8.1
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.9.0
github.com/goark/go-cvss v1.6.6
github.com/google/go-cmp v0.5.9
github.com/jedib0t/go-pretty/v6 v6.4.7
github.com/kr/pretty v0.3.1
github.com/owenrumney/go-sarif/v2 v2.2.0
github.com/owenrumney/go-sarif/v2 v2.2.2
github.com/package-url/packageurl-go v0.1.1
github.com/spdx/tools-golang v0.5.3
github.com/urfave/cli/v2 v2.25.7
Expand All @@ -23,11 +23,13 @@ require (
gopkg.in/yaml.v3 v3.0.1
)

require github.com/cyphar/filepath-securejoin v0.2.4 // indirect

require (
// Vanity URL for https://github.com/imdario/mergo
dario.cat/mergo v1.0.0 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
Expand All @@ -43,7 +45,7 @@ require (
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/rogpeppe/go-internal v1.9.0 // indirect
github.com/rogpeppe/go-internal v1.11.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sergi/go-diff v1.1.0 // indirect
github.com/skeema/knownhosts v1.2.0 // indirect
