39 changes: 38 additions & 1 deletion cmd/osv-scanner/internal/helper/flags.go
Expand Up @@ -191,20 +191,57 @@ func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
Value: &allowedLicencesFlag{},
},
&cli.BoolFlag{
Name: "experimental-flag-deprecated-packages",
Name: "x-flag-deprecated-packages",
Usage: "report if package versions are deprecated",
},
&cli.BoolFlag{
Name: "experimental-flag-deprecated-packages",
Usage: "[DEPRECATED] (use \"--x-flag-deprecated-packages\" instead) report if package versions are deprecated",
Action: func(_ context.Context, _ *cli.Command, _ bool) error {
cmdlogger.Warnf("Warning: --experimental-flag-deprecated-packages has been deprecated in favor of --x-flag-deprecated-packages")

return nil
},
},
&cli.StringSliceFlag{
Name: "experimental-plugins",
Usage: "[DEPRECATED] (use \"--x-plugins\" instead) list of specific plugins and presets of plugins to use",
Action: func(_ context.Context, _ *cli.Command, _ []string) error {
cmdlogger.Warnf("Warning: --experimental-plugins has been deprecated in favor of --x-plugins")

return nil
},
Value: defaultExtractors,
},
&cli.StringSliceFlag{
Name: "x-plugins",
Usage: "list of specific plugins and presets of plugins to use",
Value: defaultExtractors,
},
&cli.StringSliceFlag{
Name: "experimental-disable-plugins",
Usage: "[DEPRECATED] (use \"--x-disable-plugins\" instead) list of specific plugins and presets of plugins to not use",
Action: func(_ context.Context, _ *cli.Command, _ []string) error {
cmdlogger.Warnf("Warning: --experimental-disable-plugins has been deprecated in favor of --x-disable-plugins")

return nil
},
},
&cli.StringSliceFlag{
Name: "x-disable-plugins",
Usage: "list of specific plugins and presets of plugins to not use",
},
&cli.BoolFlag{
Name: "experimental-no-default-plugins",
Usage: "[DEPRECATED] (use \"--x-no-default-plugins\" instead) disable default plugins, instead using only those enabled by --x-plugins",
Action: func(_ context.Context, _ *cli.Command, _ bool) error {
cmdlogger.Warnf("Warning: --experimental-no-default-plugins has been deprecated in favor of --x-no-default-plugins")

return nil
},
},
&cli.BoolFlag{
Name: "x-no-default-plugins",
Usage: "disable default plugins, instead using only those enabled by --experimental-plugins",
Collaborator


This should mention --x-plugins right?

},
}
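Review bot: The four deprecated flags in this hunk each carry a hand-written `Action` closure that differs only in the two flag names inside the message, so a typo in one name or a later wording change has to be caught four times. A small generic helper that builds the action from the old and new names would keep the warnings uniform, used as `Action: deprecatedFlagWarning[bool]("experimental-no-default-plugins", "x-no-default-plugins")`. Whether the cli library invokes `Action` only when the flag is actually passed is not visible here and is worth pinning with a test that uses a deprecated name. `BuildCommonScanFlags` starts and ends outside the hunk.

```go
// deprecatedFlagWarning returns a flag Action that warns when the deprecated
// spelling is used and points the user at its replacement.
func deprecatedFlagWarning[T any](old, replacement string) func(context.Context, *cli.Command, T) error {
	return func(context.Context, *cli.Command, T) error {
		cmdlogger.Warnf("Warning: --%s has been deprecated in favor of --%s", old, replacement)

		return nil
	}
}
```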
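--- a/cmd/osv-scanner/internal/helper/getters.go
+++ b/cmd/osv-scanner/internal/helper/getters.go
@@ -49,12 +49,22 @@ func GetCommonScannerActions(cmd *cli.Command, scanLicensesAllowlist []string) o
 }
 }
 
+// FallbackToDeprecatedName returns the preferred cli flag name if set,
+// otherwise falling back to the deprecated name
+func FallbackToDeprecatedName(cmd *cli.Command, name, old string) string {
+if cmd.IsSet(name) {
+return name
+}
+
+return old
+}
+
 func GetExperimentalScannerActions(cmd *cli.Command, client *http.Client) osvscanner.ExperimentalScannerActions {
 return osvscanner.ExperimentalScannerActions{
-PluginsEnabled: cmd.StringSlice("experimental-plugins"),
-PluginsDisabled: cmd.StringSlice("experimental-disable-plugins"),
-PluginsNoDefaults: cmd.Bool("experimental-no-default-plugins"),
+PluginsEnabled: cmd.StringSlice(FallbackToDeprecatedName(cmd, "x-plugins", "experimental-plugins")),
+PluginsDisabled: cmd.StringSlice(FallbackToDeprecatedName(cmd, "x-disable-plugins", "experimental-disable-plugins")),
+PluginsNoDefaults: cmd.Bool(FallbackToDeprecatedName(cmd, "x-no-default-plugins", "experimental-no-default-plugins")),
 HTTPClient: client,
-FlagDeprecatedPackages: cmd.Bool("experimental-flag-deprecated-packages"),
+FlagDeprecatedPackages: cmd.Bool(FallbackToDeprecatedName(cmd, "x-flag-deprecated-packages", "experimental-flag-deprecated-packages")),
 }
 }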
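Review bot: `FallbackToDeprecatedName` picks exactly one spelling, so when a command line carries both `--x-plugins` and `--experimental-plugins` (or both disable flags) the values given under the deprecated name are dropped, and the only trace is the generic deprecation warning. For a scanner this means a detector requested, or a plugin disabled, through the old flag silently does not take effect, which changes scan coverage without an error. Consider surfacing the conflict in the helper, e.g. `if cmd.IsSet(name) && cmd.IsSet(old) { cmdlogger.Warnf("--%s is ignored because --%s is also set", old, name) }` (assuming cmdlogger is usable from this package), and extending the doc comment to state that the deprecated flag is ignored whenever the new one is set. The visible hunks in command_test.go move every case to the `--x-` names, so the fallback branch appears to have no coverage.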
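--- a/cmd/osv-scanner/scan/image/command.go
+++ b/cmd/osv-scanner/scan/image/command.go
@@ -49,11 +49,7 @@ func action(_ context.Context, cmd *cli.Command, stdout, stderr io.Writer, clien
 }
 
 format := cmd.String("format")
-outputPath := cmd.String("output-file")
-
-if outputPath == "" {
-outputPath = cmd.String("output")
-}
+outputPath := cmd.String(helper.FallbackToDeprecatedName(cmd, "output-file", "output"))
 serve := cmd.Bool("serve")
 if serve {
 format = "html"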
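Review bot: The helper call on the `outputPath` line changes the fallback condition from "value is empty" to "flag was not set", so `--output-file=""` combined with `--output=path` used to resolve to `path` and now yields an empty output path. If that is intended, a short comment would record it, for example `// --output is only consulted when --output-file was not passed at all`. What an empty path leads to is decided outside this hunk, and `action` itself starts and ends outside it.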
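--- a/cmd/osv-scanner/scan/image/command_test.go
+++ b/cmd/osv-scanner/scan/image/command_test.go
@@ -23,8 +23,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx",
-"--experimental-plugins=sbom/cdx",
+"--x-plugins=sbom/spdx",
+"--x-plugins=sbom/cdx",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 1,
@@ -34,9 +34,9 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx",
-"--experimental-plugins=sbom/cdx",
-"--experimental-disable-plugins=sbom",
+"--x-plugins=sbom/spdx",
+"--x-plugins=sbom/cdx",
+"--x-disable-plugins=sbom",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 1,
@@ -46,8 +46,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom",
-"--experimental-disable-plugins=sbom",
+"--x-plugins=sbom",
+"--x-disable-plugins=sbom",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 1,
@@ -57,8 +57,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx,sbom/cdx",
-"--experimental-disable-plugins=sbom",
+"--x-plugins=sbom/spdx,sbom/cdx",
+"--x-disable-plugins=sbom",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 1,
@@ -88,9 +88,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx",
-"--experimental-plugins=sbom/cdx",
-"--experimental-no-default-plugins",
+"--x-plugins=sbom/spdx",
+"--x-plugins=sbom/cdx",
+"--x-no-default-plugins",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 1,
@@ -100,10 +100,10 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx",
-"--experimental-plugins=sbom/cdx",
-"--experimental-disable-plugins=sbom",
-"--experimental-no-default-plugins",
+"--x-plugins=sbom/spdx",
+"--x-plugins=sbom/cdx",
+"--x-disable-plugins=sbom",
+"--x-no-default-plugins",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 127,
@@ -113,9 +113,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom",
-"--experimental-disable-plugins=sbom",
-"--experimental-no-default-plugins",
+"--x-plugins=sbom",
+"--x-disable-plugins=sbom",
+"--x-no-default-plugins",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 127,
@@ -125,9 +125,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 Args: []string{
 "", "image",
 "--archive",
-"--experimental-plugins=sbom/spdx,sbom/cdx",
-"--experimental-disable-plugins=sbom",
-"--experimental-no-default-plugins",
+"--x-plugins=sbom/spdx,sbom/cdx",
+"--x-disable-plugins=sbom",
+"--x-no-default-plugins",
 "testdata/test-alpine-sbom.tar",
 },
 Exit: 127,
@@ -193,7 +193,7 @@ func TestCommand_Docker(t *testing.T) {
 // since we've requested the os/apk extractor disabled, and there's nothing else
 // in the image that we support extracting
 Name: "real_alpine_image_without_apk_extractor_enabled",
-Args: []string{"", "image", "--experimental-disable-plugins=os/apk", "alpine:3.18.9"},
+Args: []string{"", "image", "--x-disable-plugins=os/apk", "alpine:3.18.9"},
 Exit: 128,
 },
 }
@@ -325,8 +325,8 @@ func TestCommand_OCIImage(t *testing.T) {
 Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 Args: []string{
 "", "image",
-"--experimental-plugins", "os/apk",
-"--experimental-plugins", "weakcredentials/etcshadow",
+"--x-plugins", "os/apk",
+"--x-plugins", "weakcredentials/etcshadow",
 "--archive", "./testdata/test-alpine-etcshadow.tar",
 },
 Exit: 1,
@@ -335,9 +335,9 @@ func TestCommand_OCIImage(t *testing.T) {
 Name: "scanning_insecure_alpine_image_with_specific_detector_disabled",
 Args: []string{
 "", "image",
-"--experimental-plugins", "os/apk",
-"--experimental-plugins", "weakcreds",
-"--experimental-disable-plugins", "weakcredentials/etcshadow",
+"--x-plugins", "os/apk",
+"--x-plugins", "weakcreds",
+"--x-disable-plugins", "weakcredentials/etcshadow",
 "--archive", "./testdata/test-alpine-etcshadow.tar",
 },
 Exit: 1,
@@ -346,8 +346,8 @@ func TestCommand_OCIImage(t *testing.T) {
 Name: "scanning_insecure_alpine_image_with_detector_preset",
 Args: []string{
 "", "image",
-"--experimental-plugins", "os/apk",
-"--experimental-plugins", "weakcreds",
+"--x-plugins", "os/apk",
+"--x-plugins", "weakcreds",
 "--archive", "./testdata/test-alpine-etcshadow.tar",
 },
 Exit: 1,
@@ -445,8 +445,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 Args: []string{
 "", "image", "--format=json",
-"--experimental-plugins", "os/apk",
-"--experimental-plugins", "weakcredentials/etcshadow",
+"--x-plugins", "os/apk",
+"--x-plugins", "weakcredentials/etcshadow",
 "--archive", "./testdata/test-alpine-etcshadow.tar",
 },
 Exit: 1,
@@ -461,8 +461,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 Name: "scanning_insecure_alpine_image_with_detector_preset",
 Args: []string{
 "", "image", "--format=json",
-"--experimental-plugins", "os/apk",
-"--experimental-plugins", "weakcreds",
+"--x-plugins", "os/apk",
+"--x-plugins", "weakcreds",
 "--archive", "./testdata/test-alpine-etcshadow.tar",
 },
 Exit: 1,
@@ -477,7 +477,7 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 Name: "scanning_image_with_deprecated_packages",
 Args: []string{
 "", "image", "--format=json",
-"--experimental-flag-deprecated-packages",
+"--x-flag-deprecated-packages",
 "--archive", "./testdata/test-image-with-deprecated.tar",
 },
 Exit: 1,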