Open
43 commits
2839af1
feat: implement ability to ignore vulns in config
G-Rath Feb 18, 2026
5a35897
test: write some tests
G-Rath Feb 18, 2026
74fc9f0
feat: implement experimental flag
G-Rath Feb 19, 2026
c3d796f
test: add some cmd cases
G-Rath Feb 19, 2026
fdfe272
fix: update ignores before doing filtering
G-Rath Feb 19, 2026
febfce0
fix: deduplicate ignores
G-Rath Feb 19, 2026
1ddcd9e
fix: return errors
G-Rath Feb 19, 2026
cce94d9
fix: remove indenting
G-Rath Feb 19, 2026
a5f9dd8
refactor: rename flag
G-Rath Feb 19, 2026
0e46061
fix: ensure vulns are sorted by ID
G-Rath Feb 19, 2026
28eb674
refactor: make `copyFile` public (internally)
G-Rath Feb 19, 2026
79ba12b
test: add a case with a custom global config
G-Rath Feb 19, 2026
c42e875
fix: account for multiple files using the same config
G-Rath Feb 19, 2026
be1a88c
test: use `os.CopyFS`
G-Rath Feb 19, 2026
da1e75b
fix: skip the default config and add nil check
G-Rath Feb 19, 2026
89d55c3
refactor: simplify "update configs" implementation (somewhat)
G-Rath Feb 19, 2026
8e1efd8
test: update names
G-Rath Feb 19, 2026
15a0411
test: add case for global config + recursive
G-Rath Feb 19, 2026
513f9c4
test: add more cases for "with no config"
G-Rath Feb 19, 2026
c711711
test: merge groups
G-Rath Feb 19, 2026
8eb82f0
test: use cassettes and update snapshots
G-Rath Feb 23, 2026
c1145a6
feat: switch to using a string flag
G-Rath Feb 24, 2026
9395e54
feat: implement support for removing unused ignores
G-Rath Feb 24, 2026
b1e0899
refactor: merge `unused-config.toml` and `custom-config.toml`
G-Rath Feb 26, 2026
cbab8c1
test: add a config case with a package override
G-Rath Feb 26, 2026
f93dd00
chore: add todos
G-Rath Feb 26, 2026
c6e840a
refactor(config): split ignoring and saving
G-Rath Mar 2, 2026
28ac7d4
refactor: clean up functions a bit more
G-Rath Mar 2, 2026
2e2b2c1
refactor: stick with saving as config map is not holding pointers
G-Rath Mar 3, 2026
92791ab
docs: add a page
G-Rath Mar 6, 2026
eda9929
perf: optimize slice filtering
G-Rath Mar 10, 2026
2ffb482
fix: store configs by reference
G-Rath Mar 10, 2026
2c62f2a
feat: print the number of removed unused ignore entries
G-Rath Mar 10, 2026
c39c234
feat: print the actual ignore entries that were removed
G-Rath Mar 10, 2026
1baeada
fix: don't record configs that had no ignores removed
G-Rath Mar 10, 2026
57749cb
feat: print when config ignores have been updated
G-Rath Mar 10, 2026
2583e91
refactor: deduplicate "reporting on unused ignore action"
G-Rath Mar 10, 2026
c23b5be
refactor: deduplicate the whole "unused ignore entries" section
G-Rath Mar 10, 2026
c04b54d
refactor: deduplicate for when we're ignoring all entries too
G-Rath Mar 10, 2026
47496f1
fix: omit empty fields from package overrides
G-Rath Mar 10, 2026
7641656
fix: omit ignored vulns and package overrides entirely if empty
G-Rath Mar 10, 2026
7e4942a
fix: reorder top level `Config` fields
G-Rath Mar 10, 2026
0ba5d86
feat: don't filter when ignoring all vulns
G-Rath Mar 10, 2026
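--- a/cmd/osv-scanner/internal/helper/flags.go
+++ b/cmd/osv-scanner/internal/helper/flags.go
@@ -207,5 +207,19 @@ func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
 Name: "experimental-no-default-plugins",
 Usage: "disable default plugins, instead using only those enabled by --experimental-plugins",
 },
+&cli.StringFlag{
+Name: "experimental-update-config-ignores",
+Usage: "update config file(s) to ignore vulnerabilities - must be one of: none, unused, or all",
+Action: func(_ context.Context, _ *cli.Command, s string) error {
+// todo: can we do something other than "none"?
+// - feels like that might mean "remove all ignores"
+// - ideally empty string would be nice, but might not work properly as a flag default?
+if s == "none" || s == "unused" || s == "all" {
+return nil
+}
+
+return fmt.Errorf("unsupported option \"%s\" - must be none, unused, or all", s)
+},
+},
 }
 }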
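Review bot: The `Usage` string on `experimental-update-config-ignores` does not tell the user that the flag rewrites config files on disk, or that `all` (going by the commit titles) records an ignore for every vulnerability the scan reports, so those findings stop appearing in later runs. That is a setting someone can leave in a CI job without realising it suppresses results; I would say so in the text, e.g. `Usage: "rewrite the ignore list in config file(s) on disk; 'all' ignores every vulnerability found - must be one of: none, unused, or all"`. Separately, no `Value` is visible in this hunk, so the default looks to be the empty string, which the `Action` itself would reject; the code reading the option has to treat `""` the same as `none`. The error can use `%q` instead of `\"%s\"` so an odd value is printed quoted and escaped.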
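--- a/cmd/osv-scanner/internal/helper/getters.go
+++ b/cmd/osv-scanner/internal/helper/getters.go
@@ -56,5 +56,6 @@ func GetExperimentalScannerActions(cmd *cli.Command, client *http.Client) osvsca
 PluginsNoDefaults: cmd.Bool("experimental-no-default-plugins"),
 HTTPClient: client,
 FlagDeprecatedPackages: cmd.Bool("experimental-flag-deprecated-packages"),
+UpdateConfigIgnores: cmd.String("experimental-update-config-ignores"),
 }
 }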
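Review bot: `UpdateConfigIgnores` is filled with the raw flag string, so the set of accepted values exists only in the flag's `Action` in flags.go; anything that builds the actions struct without going through the CLI can pass an arbitrary string. Since the option decides whether config files are rewritten, I would check it again where it is consumed and return an error on an unknown value rather than falling through to a default branch; that code is not visible here, so this may already be done. A doc comment on the field listing `none`, `unused` and `all` would help as well. The function body starts outside the hunk.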
4 changes: 2 additions & 2 deletions cmd/osv-scanner/internal/testcmd/copy.go
Expand Up @@ -8,7 +8,7 @@ import (
"testing"
)

func copyFile(from, to string) (string, error) {
func CopyFile(from, to string) (string, error) {
b, err := os.ReadFile(from)
if err != nil {
return "", fmt.Errorf("could not read test file: %w", err)
Expand Down Expand Up @@ -37,7 +37,7 @@ func CopyFileFlagTo(t *testing.T, tc Case, flagName string, dir string) string {
return ""
}

newPath, err := copyFile(flagValue, filepath.Join(dir, filepath.Base(flagValue)))
newPath, err := CopyFile(flagValue, filepath.Join(dir, filepath.Base(flagValue)))

if err != nil {
t.Fatalf("%v", err)
2 changes: 1 addition & 1 deletion cmd/osv-scanner/internal/testcmd/git.go
Expand Up @@ -43,7 +43,7 @@ func SetupGitFixtures() (func(), error) {
}

for _, f := range gitIgnoreFiles {
gitignoreFile, err := copyFile(f, filepath.Join(filepath.Dir(f), ".gitignore"))
gitignoreFile, err := CopyFile(f, filepath.Join(filepath.Dir(f), ".gitignore"))

if err != nil {
return cleaner, err