Add support for determineversions API (#612). #621

Merged 8 commits on Nov 1, 2023

@oliverchang (Collaborator) commented Oct 30, 2023

Fixes #612.

Tested on https://github.com/opencv/opencv

We need to set up an e2e test for this as well (maybe add some submodules + vendored libs to https://github.com/ossf-tests/scorecard-check-osv-e2e).

```
Scanning dir /tmp/opencv
Scanning /tmp/opencv/ at commit e9e6b1e22c1a966a81aca1217b16a51fe7311b3b
Scanning directory for vendored libs: /tmp/opencv/3rdparty
Scanning potential vendored dir: /tmp/opencv/3rdparty/carotene
...
Scanning potential vendored dir: /tmp/opencv/3rdparty/libjpeg
Identified /tmp/opencv/3rdparty/libjpeg as https://github.com/libjpeg-turbo/libjpeg-turbo at 9fc018fd1aa9598f21c9bc4d8d53c0cef007bdcf.
Scanning potential vendored dir: /tmp/opencv/3rdparty/libjpeg-turbo
Identified /tmp/opencv/3rdparty/libjpeg-turbo as https://github.com/libjpeg-turbo/libjpeg-turbo at c5f269eb9665435271c05fbcaf8721fa58e9eafa.
Scanning potential vendored dir: /tmp/opencv/3rdparty/libpng
...
Scanning potential vendored dir: /tmp/opencv/3rdparty/libwebp
Identified /tmp/opencv/3rdparty/libwebp as https://chromium.googlesource.com/webm/libwebp at fd7bb21c0cb56e8a82e9bfa376164b842f433f3b.
Scanning potential vendored dir: /tmp/opencv/3rdparty/openexr
...
Scanning potential vendored dir: /tmp/opencv/3rdparty/zlib
Scanning directory for vendored libs: /tmp/opencv/modules/core/3rdparty
Scanning potential vendored dir: /tmp/opencv/modules/core/3rdparty/SoftFloat
Scanning directory for vendored libs: /tmp/opencv/modules/features2d/3rdparty
Scanning potential vendored dir: /tmp/opencv/modules/features2d/3rdparty/mscr
Scanned /tmp/opencv/platforms/maven/opencv/pom.xml file and found 0 packages
...
Scanned /tmp/opencv/platforms/maven/opencv-it/pom.xml file and found 12 packages
...
+-------------------------------------+------+-----------+---------------------+---------------------+-----------------------------------------------------------------------------------
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE             | VERSION             | SOURCE
+-------------------------------------+------+-----------+---------------------+---------------------+-----------------------------------------------------------------------------------
| https://osv.dev/OSV-2022-394        |      | GIT       |  e9e6b1e22c1a966a81aca1217b16a51fe7311b3b | ../../../../../../tmp/opencv
| https://osv.dev/OSV-2023-444        |      | GIT       |  e9e6b1e22c1a966a81aca1217b16a51fe7311b3b | ../../../../../../tmp/opencv
| https://osv.dev/CVE-2021-29390      | 7.1  | GIT       |  9fc018fd1aa9598f21c9bc4d8d53c0cef007bdcf | ../../../../../../tmp/opencv/3rdparty/libjpeg
| https://osv.dev/CVE-2021-46822      | 5.5  | GIT       |  9fc018fd1aa9598f21c9bc4d8d53c0cef007bdcf | ../../../../../../tmp/opencv/3rdparty/libjpeg
| https://osv.dev/CVE-2023-4863       | 8.8  | GIT       |  fd7bb21c0cb56e8a82e9bfa376164b842f433f3b | ../../../../../../tmp/opencv/3rdparty/libwebp
...
```

@hogo6002 (Contributor) left a comment

LGTM, also it runs well locally.
nit: Should we add some comments for new functions?

@another-rex (Collaborator) left a comment

Some minor changes

@codecov-commenter commented Nov 1, 2023

Codecov Report

Merging #621 (f6a203e) into main (ac2897c) will decrease coverage by 1.52%.
The diff coverage is 2.80%.

@@            Coverage Diff             @@
##             main     #621      +/-   ##
==========================================
- Coverage   80.33%   78.82%   -1.52%     
==========================================
  Files          78       78              
  Lines        5406     5511     +105     
==========================================
+ Hits         4343     4344       +1     
- Misses        887      990     +103     
- Partials      176      177       +1     
Files Coverage Δ
pkg/osv/osv.go 52.87% <0.00%> (-10.65%) ⬇️
pkg/osvscanner/osvscanner.go 53.12% <4.00%> (-7.52%) ⬇️

@another-rex (Collaborator) commented

Do we want this behind a flag rather than by default? It does significantly increase scanning time

@another-rex (Collaborator) left a comment

LGTM! Just the flag question

@oliverchang (Collaborator, Author) commented Nov 1, 2023

Thanks for the fixes!

> Do we want this behind a flag rather than by default? It does significantly increase scanning time

Hmm, we can always add this in if people ask for it. We can also optimize things using goroutines as you mention.

It does make things slower, but only when they have this specific set of directories that likely indicate they're using vendored libs and would want this on by default.
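
The trade-off discussed in this thread, as an added example that is not code from this pull request or from osv-scanner: files are hashed only for directories sitting directly under a vendored-library parent such as `3rdparty`, and that per-directory work runs on a bounded number of goroutines. The parent names other than `3rdparty`, the worker bound, the function names and the digest format are assumptions, and the sample tree is constructed.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"io/fs"
	"path"
	"sync"
	"testing/fstest"
)

// Assumed parent names; only "3rdparty" is visible in the PR's log output.
var vendoredParents = map[string]bool{"3rdparty": true, "third_party": true, "vendor": true}

// fingerprint digests each regular file's SHA-256 (stand-in for the hashes a real query sends).
func fingerprint(fsys fs.FS, dir string) (string, error) {
	h := sha256.New()
	err := fs.WalkDir(fsys, dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() { // symlinks are skipped, not followed
			return err
		}
		data, err := fs.ReadFile(fsys, p)
		fmt.Fprintf(h, "%x\n", sha256.Sum256(data))
		return err
	})
	return fmt.Sprintf("%x", h.Sum(nil)), err
}

// scanVendored fingerprints each directory directly under a vendored parent, concurrently.
func scanVendored(fsys fs.FS) (map[string]string, error) {
	var mu sync.Mutex
	var wg sync.WaitGroup
	res, errs := map[string]string{}, []error{}
	sem := make(chan struct{}, 4) // assumed bound: at most 4 directories hashed at once
	walkErr := fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.IsDir() || !vendoredParents[path.Base(path.Dir(p))] {
			return err // not a candidate: ordinary directories cost only the walk
		}
		wg.Add(1)
		sem <- struct{}{} // blocks while the bound is reached
		go func() {
			defer wg.Done()
			fp, err := fingerprint(fsys, p)
			mu.Lock()
			res[p], errs = fp, append(errs, err)
			mu.Unlock()
			<-sem
		}()
		return fs.SkipDir // candidate found: do not descend into the vendored tree
	})
	wg.Wait()
	return res, errors.Join(append(errs, walkErr)...)
}

var sample = fstest.MapFS{ // constructed tree, modelled on the paths in the PR's log
	"3rdparty/zlib/inflate.c":              {Data: []byte("zlib")},
	"modules/core/3rdparty/SoftFloat/sf.c": {Data: []byte("softfloat")},
	"modules/core/src/matrix.cpp":          {Data: []byte("core")},
}

func main() {
	fmt.Println(scanVendored(sample))
}
```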

@oliverchang oliverchang merged commit 2b7f858 into main Nov 1, 2023
9 checks passed
@oliverchang oliverchang deleted the determine branch November 1, 2023 16:38