Skip to content

fix: pass through plugin capabilities#2095

Merged
another-rex merged 1 commit into
google:mainfrom
another-rex:misc-fixes
Jul 21, 2025
Merged

fix: pass through plugin capabilities#2095
another-rex merged 1 commit into
google:mainfrom
another-rex:misc-fixes

Conversation

@another-rex
Copy link
Copy Markdown
Collaborator

@another-rex another-rex commented Jul 21, 2025

Also added a test for No vulnerabilities but with license violations. (about #2093, it looks like this doesn't actually trigger the removed codepath either suprisingly)

@another-rex another-rex requested review from G-Rath and cuixq July 21, 2025 03:50
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Jul 21, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.60%. Comparing base (641d7a9) to head (203a938).
⚠️ Report is 448 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2095      +/-   ##
==========================================
+ Coverage   67.56%   67.60%   +0.04%     
==========================================
  Files         173      173              
  Lines       16326    16319       -7     
==========================================
+ Hits        11031    11033       +2     
+ Misses       4618     4611       -7     
+ Partials      677      675       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

cuixq
cuixq approved these changes Jul 21, 2025
View reviewed changes
Comment thread pkg/osvscanner/osvscanner.go
Comment on lines +343 to +348
capabilities := &plugin.Capabilities{
DirectFS: true,
RunningSystem: false,
OS: plugin.OSLinux,
})
}
plugins = plugin.FilterByCapabilities(plugins, capabilities)
Copy link
Copy Markdown
Contributor

@cuixq cuixq Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this make any functional change?

Copy link
Copy Markdown
Collaborator Author

@another-rex another-rex Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because we are filtering already, it doesn't really change anything functional.

G-Rath
G-Rath approved these changes Jul 21, 2025
View reviewed changes
Comment thread cmd/osv-scanner/scan/source/command_test.go
Exit: 1,
},
{
Name: "No vulnerabilities but license violations with allowlist",
Copy link
Copy Markdown
Collaborator

@G-Rath G-Rath Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is still good to have but fyi we've already got this covered with "some packages with license violations in json" about 4 cases down, which is why #2093 doesn't get covered by this 🤷

@another-rex another-rex merged commit e9ac801 into google:main Jul 21, 2025
16 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Aug 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@G-Rath G-Rath G-Rath approved these changes

@cuixq cuixq cuixq approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@another-rex @codecov-commenter @G-Rath @cuixq