Conversation
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
pkg/ecosystems/plugin_interface.go
Outdated
| Runtime string `json:"runtime"` | ||
| TargetFile string `json:"targetFile"` | ||
| Runtime string `json:"runtime"` | ||
| ManifestFile string `json:"manifestFile"` |
There was a problem hiding this comment.
I'm not sure this is exactly the same as TargetFile. So maybe we don't need this to be separate.
pkg/ecosystems/plugin_interface.go
Outdated
| TargetFile string `json:"targetFile"` | ||
| Runtime string `json:"runtime"` | ||
| ManifestFile string `json:"manifestFile"` | ||
| LockFile string `json:"lockfile"` |
There was a problem hiding this comment.
To make a distinction between the manifest and the lockfile. Relevant for other locked package managers in other ecosystems, too.
pkg/ecosystems/plugin_interface.go
Outdated
| Runtime string `json:"runtime"` | ||
| ManifestFile string `json:"manifestFile"` | ||
| LockFile string `json:"lockfile"` | ||
| FileExclusions string `json:"fileExclusions"` |
There was a problem hiding this comment.
I'm not sure we want/need this; ideally some orchestrator outside of this plugin knows how to not throw two different plugins at the same pyproject.toml. Ideally the uv plugin would be agnostic to how it is being invoked alongside other plugins.
Maybe if we rename this to ProcessedFiles or ProcessedTargetFiles it would make more sense and it would be something that an orchestrator could pick up? Would this be a duplicate of TargetFile then?
mcombuechen
force-pushed
the
feature/more-metadata
branch
from
2bc8332 to
0435152
Compare
1 participant
What this does
This adds fields for information that the uv plugin is currently emitting, to the ecosystems.SCAResult meta.
See here for the values that the uv plugin is currently emitting:
cli-extension-dep-graph/pkg/scaplugin/interface.go
Line 25 in 0973491