disable call analysis

shahar-h · Sep 4, 2024 · 24cccc9 · 24cccc9
1 parent 2e5993b
commit 24cccc9
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
@@ -20,8 +20,10 @@ jobs:
     - name: Run scanner
       uses: google/osv-scanner-action/osv-scanner-action@678a866dcba398c8ed0124a09928d250f187b52a  # v1.8.4
       with:
+        # TODO enable call analysis once https://github.com/google/osv-scanner/issues/1220 is resolved
         scan-args: |-
           --skip-git
           --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
+          --no-call-analysis=go
           ./
       continue-on-error: true  # TODO remove once all issues are resolved
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -26,6 +26,8 @@ jobs:
       scan-args: |-
         --skip-git
         --recursive
+        --config
+        tools/osv-scanner/config.toml
         ./
 
   scan-pr:
@@ -36,8 +38,11 @@ jobs:
       contents: read
       security-events: write
     with:
+      # TODO enable call analysis once https://github.com/google/osv-scanner/issues/1220 is resolved
       scan-args: |-
         --skip-git
         --recursive
+        --config=tools/osv-scanner/config.toml
+        --no-call-analysis=go
         ./
 
diff --git a/tools/osv-scanner/config.toml b/tools/osv-scanner/config.toml
@@ -1,3 +1,3 @@
 [[IgnoredVulns]]
-id = "GO-2022-0646 "
+id = "GO-2022-0646"
 reason = "No a real issue, just a warning about third party package."