Skip to content

Fix: container image scanning with proper osv required values. #704

Merged
KunalSin9h merged 4 commits into
mainfrom
fix/#703-container-scanning-gaps
Mar 30, 2026
Merged

Fix: container image scanning with proper osv required values. #704
KunalSin9h merged 4 commits into
mainfrom
fix/#703-container-scanning-gaps

Conversation

@KunalSin9h

@KunalSin9h KunalSin9h commented Mar 30, 2026

Copy link
Copy Markdown
Member

fixes #703

Gap State Screenshot
Gap 1 Before fix Screenshot_2026-03-30_16-38-40
Gap 1 After fix Screenshot_2026-03-30_16-33-54
Gap 2 Before fix Screenshot_2026-03-30_16-38-16
Gap 2 After fix Screenshot_2026-03-30_16-34-49

Open with Devin

@safedep

safedep Bot commented Mar 30, 2026

Copy link
Copy Markdown

SafeDep Report Summary

Green Malicious Packages Badge Green Vulnerable Packages Badge Green Risky License Badge

Package Details
Package Malware Vulnerability Risky License Report
icon buf.build/gen/go/safedep/api/protocolbuffers/go @ v1.36.11-20260328070158-ea851c7714ec.1
go.mod
ok icon
ok icon
ok icon
🔗

View complete scan results: 🔗 Here

This report is generated by SafeDep Github App

@KunalSin9h KunalSin9h requested a review from Copilot March 30, 2026 11:28
@github-actions

Copy link
Copy Markdown

vet Summary Report

This report is generated by vet

Policy Checks

  • ✅ Vulnerability
  • ✅ Malware
  • ✅ License
  • ✅ Popularity
  • ✅ Maintenance
  • ✅ Security Posture
  • ✅ Threats

Malicious Package Analysis

Malicious package analysis was performed using SafeDep Cloud API

Malicious Package Analysis Report
Ecosystem Package Version Status Report
ECOSYSTEM_GO buf.build/gen/go/safedep/api/protocolbuffers/go 1.36.11-20260328070158-ea851c7714ec.1 🔗
  • ℹ️ 1 packages have been actively analyzed for malicious behaviour.
  • ✅ No malicious packages found.
Changed Packages

Changed Packages

  • ✅ [Go] buf.build/gen/go/safedep/api/protocolbuffers/go@1.36.11-20260328070158-ea851c7714ec.1

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

Open in Devin Review

This comment was marked as resolved.

@codecov

codecov Bot commented Mar 30, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 13.33333% with 13 lines in your changes missing coverage. Please review.
✅ Project coverage is 10.64%. Comparing base (19719e1) to head (00209ac).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
pkg/scanner/enrich_insightsv2.go 0.00% 13 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #704      +/-   ##
==========================================
+ Coverage   10.49%   10.64%   +0.15%     
==========================================
  Files         348      348              
  Lines       48119    48125       +6     
==========================================
+ Hits         5051     5124      +73     
+ Misses      42649    42567      -82     
- Partials      419      434      +15     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@KunalSin9h KunalSin9h requested a review from abhisek March 30, 2026 11:52
Comment thread pkg/readers/container_image_reader_test.go
@KunalSin9h KunalSin9h enabled auto-merge March 30, 2026 17:14
@KunalSin9h KunalSin9h merged commit 34e42fc into main Mar 30, 2026
15 checks passed
@KunalSin9h KunalSin9h deleted the fix/#703-container-scanning-gaps branch March 30, 2026 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Container Scanning, Vulnerability Lookup Gap: Source vs Binary Package Names

4 participants