snyk: added snyk stats to metadata #153
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
py/plugins/snyk.py
Outdated
| props.post_process_hooks += [filter_hook] | ||
| def write_snyk_stats_metadata(results): | ||
| results_file = results.dbgdir_raw + SNYK_OUTPUT | ||
| return snyk_write_analysis_meta(results, results_file) |
There was a problem hiding this comment.
Note: In the future, the results_file variable should always be the same path, but until the chroot/snyk problem is not solved, we need to have two different paths.
jperezdealgaba
force-pushed
the
OSH-347
branch
from
0f9ffe0
to
f2fbe35
Compare
jperezdealgaba
force-pushed
the
OSH-347
branch
from
f2fbe35
to
f7142f5
Compare
There was a problem hiding this comment.
The newly introduced module needs to be installed by CMake to keep the RPM packaging (or local installations) working:
Line 23 in 9befcc3
@jperezdealgaba Note that this problem had already been revealed by the failing CI tests. |
jperezdealgaba
force-pushed
the
OSH-347
branch
from
f7142f5
to
aa08aac
Compare
|
|
||
| def snyk_write_analysis_meta(results, raw_results_file): | ||
| try: | ||
| with open(raw_results_file) as snyk_results_file: |
Check warning
Code scanning / vcs-diff-lint
snyk_write_analysis_meta: Using open without explicitly specifying an encoding Warning
jperezdealgaba
force-pushed
the
OSH-347
branch
from
aa08aac
to
16b4b7e
Compare
Related: https://issues.redhat.com/browse/OSH-347 Reproducer: csmock -t snyk --force -r rhel-8-x86_64 osbuild-106-1.el10+4.src.rpm Added the stats from snyk results (snyk coverage rate, analyzed files and total of files) to the metadata file.
jperezdealgaba
force-pushed
the
OSH-347
branch
from
16b4b7e
to
c68649b
Compare
| @@ -0,0 +1,52 @@ | |||
| # Copyright (C) 2024 Red Hat, Inc. | |||
There was a problem hiding this comment.
@kdudka I have updated the license header to refer to 2024. Should I do another commit to update plugin/snyk header?
There was a problem hiding this comment.
@jperezdealgaba Thanks! I do not think it is critical. We may eventually migrate csutils to use the two-lines SPDX license headers like we did for OSH: openscanhub/openscanhub@3115651
@lzaoral What do you think about it?
There was a problem hiding this comment.
@lzaoral Sure. I was just thinking about modernization of csutils so that we do not waste time on maintaining the legacy GPL headers in source code files.
There was a problem hiding this comment.
@kdudka I was reacting to @jperezdealgaba's idea.
Of course, I agree with modernisation of licensing information.
Related: https://issues.redhat.com/browse/OSH-347
Reproducer: csmock -t snyk --force -r rhel-8-x86_64 osbuild-106-1.el10+4.src.rpm
Added the stats from snyk results (snyk coverage rate, analyzed files and total of files) to the metadata file.