feat(scan):SP-4027 add support for scan tuning parameters #54

Merged
agustingroh merged 1 commit into main from feat/SP-4027-scan-tuning-parameters
Feb 10, 2026

@agustingroh (Collaborator) commented Feb 10, 2026

Summary by CodeRabbit

  • New Features

    • Added support for scan tuning parameters.
    • Added SBOM upload status check documentation under Dependency Track Integration.
  • Documentation

    • Updated Dependency Track integration documentation with new SBOM-related status check details.
  • Chores

    • Upgraded runtime container to v1.45.0.
    • Bumped version to 1.6.0.

coderabbitai bot commented Feb 10, 2026

Warning

Rate limit exceeded

@agustingroh has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 14 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Walkthrough

Version and container image updates across task configuration files and source code. CHANGELOG.md and documentation updated for v1.6.0 release. Runtime container image bumped from v1.40.1 to v1.45.0. Documentation added for scan tuning parameters and Dependency Track integration with SBOM upload status checks.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Version Management: CHANGELOG.md, codescantask/package.json, codescantask/task.json, vss-extension.json, vss-extension-dev.json | Version bumps from 1.5.0 to 1.6.0 (extension and package), task minor version 5 to 6, and extension dev version to 0.21.72. CHANGELOG.md updated with new 1.6.0 Unreleased section. |
| Runtime Container Updates: codescantask/app.input.ts, codescantask/services/scan.service.ts | Default runtime container image references updated from v1.40.1 to v1.45.0 in constants and inline documentation. |
| Documentation: OVERVIEW.md | Added Scan Tuning Parameters section (appears twice) and expanded Dependency Track Integration with new SBOM Upload Status Check subsection covering status checks, PR comments, and troubleshooting. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

enhancement

Suggested reviewers

  • eeisegn

Poem

🐰 Hop to version one-point-six we go!
Container images in a brighter glow,
Scan tuning parameters all mapped out,
Dependency Track removes the doubt!
From task to manifest, changes align—
A version bump makes everything shine! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main objective: adding support for scan tuning parameters, with version bump to 1.6.0 and runtime container upgrade to v1.45.0. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@agustingroh agustingroh force-pushed the feat/SP-4027-scan-tuning-parameters branch from ed2624c to 9ac1da3 Compare February 10, 2026 11:07

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@OVERVIEW.md`:
- Line 221: Update the wording in the sentence that currently reads "GitHub
Action" to use the correct ADO terminology (e.g., "Azure DevOps task" or "ADO
extension") so it reflects this repository's integration; locate the sentence in
OVERVIEW.md where it says "Scan tuning parameters must be configured through the
`scanoss.json`. They are **not** configured as GitHub Action input parameters."
and replace "GitHub Action" with "Azure DevOps task" (or "ADO extension") to
correct the copy-paste error.
🧹 Nitpick comments (1)
CHANGELOG.md (1)

10-15: Consider adding more detail to the "Added" entry to clarify which tuning parameters were added.

The changelog entry is correctly formatted and scanoss-py v1.45.0 was confirmed to exist (released February 2, 2026). However, the "Added" description is generic. Based on the scanoss-py v1.45.0 release notes, specific parameters were added including --min-snippet-hits, --min-snippet-lines, --ranking, --ranking-threshold, and --honour-file-exts. Consider updating the entry to be more descriptive:

  • "Added support for scan tuning parameters (min-snippet-hits, min-snippet-lines, ranking, honour-file-exts) and ScanSettingsBuilder for configuration management"

This helps users understand the feature scope without consulting external documentation.

@agustingroh agustingroh force-pushed the feat/SP-4027-scan-tuning-parameters branch from 9ac1da3 to 0d74408 Compare February 10, 2026 11:17
@agustingroh agustingroh merged commit 20ab468 into main Feb 10, 2026
2 checks passed
@agustingroh agustingroh deleted the feat/SP-4027-scan-tuning-parameters branch February 10, 2026 11:34