Skip to content

Classify packages as internal vs external#5

Merged
Cellcote merged 2 commits into
masterfrom
t3code/95cfc775
May 15, 2026
Merged

Classify packages as internal vs external#5
Cellcote merged 2 commits into
masterfrom
t3code/95cfc775

Conversation

@Cellcote
Copy link
Copy Markdown
Owner

@Cellcote Cellcote commented May 15, 2026
edited
Loading

Summary

  • Adds --internal <PATTERN> so the report groups results into "Internal — fixable at source (open a PR upstream)" and "External — must wait or override". Useful for triaging who-fixes-what during a CVE sweep.
  • Pattern semantics: a plain string is a prefix that matches the exact name or names with a . separator (so Acme matches Acme and Acme.Foo); a pattern containing * or ? is treated as a glob over the full package name. All matching is case-insensitive.
  • Output is byte-identical to before when the flag is not used. Rebased onto master so --internal composes with --vulnerable (severity columns) and CPM-aware reporting.

Example

> snitch MySolution.sln --internal Acme --internal MyCompany.*

Test plan

  • All 17 tests pass after rebase (3 new + 14 existing).
  • New tests: prefix match (--internal Autofac on the solution), glob match (--internal Newt* on the solution), and no-match (--internal Acme.* against Baz, falls entirely into External).
  • Manual sanity-check: run snitch <solution> with and without --internal and confirm the grouped output renders the way you want.

🤖 Generated with Claude Code

@Cellcote Cellcote mentioned this pull request May 15, 2026
Merged
4 tasks
Cellcote and others added 2 commits May 15, 2026 21:25
@Cellcote @claude
feat: Classify packages as internal vs external
d7c6aef 
Adds a --internal <PATTERN> option that classifies packages by name so the
report groups results into "Internal — fixable at source" and "External —
must wait or override". Lets you triage who-fixes-what during a CVE sweep.
Patterns without wildcards act as prefixes (e.g. UiPath matches UiPath and
UiPath.Foo); patterns with * or ? are globs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Cellcote @claude
docs: Use Acme placeholder in --internal examples
4a1df74 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@Cellcote Cellcote merged commit 0aee8eb into master May 15, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Cellcote