Commit

ci(update): make it possible to pass additional options to osv-scanner (backport of #9940) (#9943)

* ci(update): make it possible to pass additional options to osv-scanner (#9940)

Signed-off-by: slonka <[email protected]>

* Update .github/workflows/update-insecure-dependencies.yaml

Signed-off-by: Krzysztof Słonka <[email protected]>

---------

Signed-off-by: slonka <[email protected]>
Signed-off-by: Krzysztof Słonka <[email protected]>
Co-authored-by: Krzysztof Słonka <[email protected]>
kumahq[bot] and slonka authored Apr 16, 2024
1 parent b0ad069 commit d5ca64a
Showing 2 changed files with 6 additions and 3 deletions.
7 changes: 5 additions & 2 deletions .github/workflows/update-insecure-dependencies.yaml
Expand Up @@ -17,6 +17,9 @@ jobs:
env:
GITHUB_TOKEN: ${{ github.token }}
update-insecure-dependencies:
env:
OSV_SCANNER_ADDITIONAL_OPTS: ""
timeout-minutes: 20
needs:
- build-matrix
strategy:
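Review bot: The new `OSV_SCANNER_ADDITIONAL_OPTS: ""` entry under `update-insecure-dependencies` has no comment saying what the variable is for or what form its value should take. Because the value ends up on the `osv-scanner` command line, a short comment above it should state that it holds extra osv-scanner flags and whether several flags may be given space-separated. That matters here because the workflow steps expand it unquoted while the script changed in this commit expands it quoted.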
Expand All @@ -43,7 +46,7 @@ jobs:
- name: "Prepare commit body - before"
id: prepare_commit_body_before
run: |
SCAN_OUTPUT_BEFORE=$(osv-scanner --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true)
SCAN_OUTPUT_BEFORE=$(osv-scanner $OSV_SCANNER_ADDITIONAL_OPTS --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true)
echo "SCAN_OUTPUT_BEFORE<<EOF" >> $GITHUB_ENV
echo "$SCAN_OUTPUT_BEFORE" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
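Review bot: On the `SCAN_OUTPUT_BEFORE=` line, `$OSV_SCANNER_ADDITIONAL_OPTS` is expanded unquoted, so the shell word-splits and glob-expands the value before osv-scanner sees it. That permits several flags in one variable, but a value containing a space inside one argument or a `*` will not arrive as written, and the script in this same commit quotes the variable, so the two call sites treat the same value differently. Suggest one convention for both, for example (if the step runs under bash) splitting once with `read -r -a opts <<< "$OSV_SCANNER_ADDITIONAL_OPTS"` and calling `osv-scanner "${opts[@]}" --lockfile=go.mod`.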
Expand All @@ -54,7 +57,7 @@ jobs:
- name: "Prepare commit body - after"
id: prepare_commit_body_after
run: |
SCAN_OUTPUT_AFTER=$(osv-scanner --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true)
SCAN_OUTPUT_AFTER=$(osv-scanner $OSV_SCANNER_ADDITIONAL_OPTS --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true)
echo "SCAN_OUTPUT_AFTER<<EOF" >> $GITHUB_ENV
echo "$SCAN_OUTPUT_AFTER" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
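Review bot: On the `SCAN_OUTPUT_AFTER=` line, the pipe into `tr` and `awk` followed by `|| true` discards osv-scanner's exit status, and only its stdout is captured. Now that the command line includes a configurable value, an option that osv-scanner rejects would leave `SCAN_OUTPUT_AFTER` empty in the commit body with no failure, and the same applies to the "before" step. Consider capturing the scanner output into a variable first and failing the step, or at least logging a warning, when the output is empty while `OSV_SCANNER_ADDITIONAL_OPTS` is non-empty.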
Expand Up @@ -8,7 +8,7 @@ command -v jq >/dev/null 2>&1 || { echo >&2 "jq not installed!"; exit 1; }
SCRIPT_PATH="${BASH_SOURCE[0]:-$0}";
SCRIPT_DIR="$(dirname -- "$SCRIPT_PATH")"

for dep in $(osv-scanner --lockfile=go.mod --json | jq -c '.results[].packages[] | .package.name as $vulnerablePackage | {
for dep in $(osv-scanner "$OSV_SCANNER_ADDITIONAL_OPTS" --lockfile=go.mod --json | jq -c '.results[].packages[] | .package.name as $vulnerablePackage | {
name: $vulnerablePackage,
current: .package.version,
fixedVersions: [.vulnerabilities[].affected[] | select(.package.name == $vulnerablePackage) | .ranges[].events |
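Review bot: In the `for dep in $(osv-scanner "$OSV_SCANNER_ADDITIONAL_OPTS" --lockfile=go.mod --json ...` line, quoting the variable means osv-scanner always receives exactly one extra argument. With the default `""` set in the workflow that is an empty-string argument, and with two or more flags they arrive fused into a single argument, which differs from the unquoted expansion used in the workflow steps. Suggest expanding it so that an empty or unset value contributes no argument, for example `${OSV_SCANNER_ADDITIONAL_OPTS:+$OSV_SCANNER_ADDITIONAL_OPTS}` left unquoted, or a bash array built once and passed as `"${opts[@]}"`.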