Container scan (Analyze/Test w/ upload) #173
Conversation
| -- , wigginsBinaryPath :: Path Abs File | ||
| -- } | ||
|
|
||
| data PackagedBinary |
There was a problem hiding this comment.
This is a clever way of structuring this, and is probably good. I'm going to suggest another similar way to structure this, but don't feel obligated to change anything.
Rather than using PackagedBinary as a key for other functions like extractedPath, we can directly include that information in a record.
I would use this structure for PackagedBinary:
data PackagedBinary
{ packagedBinaryName :: Text
, packagedBinaryBS :: ByteString
}and then we could replace, e.g.,
embeddedBinaryWiggins :: ByteStringwith
embeddedBinaryWiggins :: PackagedBinaryI understand this loses us the clever allBins implementation, and compile-time warnings if we forget to include something in there, so I'm kind of split.
There was a problem hiding this comment.
Hmm, I'm not sure I understand the advantage of doing it the way you proposed. Can you explain a little more in detail why we might want to do it that way?
| @@ -100,6 +105,29 @@ appMain = do | |||
| unless vpsReportJsonOutput $ die "report command currently only supports JSON output. Please try `fossa report --json REPORT_NAME`" | |||
| baseDir <- validateDir vpsReportBaseDir | |||
| VPSReport.reportMain baseDir apiOpts logSeverity vpsReportTimeout vpsReportType override | |||
| -- | |||
| ContainerCommand ContainerOptions {..} -> do | |||
| dieOnWindows "container scanning" | |||
There was a problem hiding this comment.
I think windows support is later.
| let apiOpts = ApiOpts optBaseUrl apikey | ||
| ContainerTest.testMain apiOpts logSeverity containerTestTimeout containerTestOutputType override containerTestImage | ||
| -- | ||
| DumpBinsCommand dir -> do |
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
skilly-lily
force-pushed
the
container-scan
branch
from
4069080 to
deece4f
Compare
| <*> obj .: "type" | ||
| <*> obj .: "purl" | ||
| <*> obj .: "metadataType" | ||
| -- We delete "files" as early as possible, which reduces |
There was a problem hiding this comment.
Could you elaborate on what a file is? I get why we need a comment here but I don't really understand what it is saying. I'm guessing this may make sense to me as I read further.
There was a problem hiding this comment.
There's some output from the syft binary that is under the nested json key artifacts[n].metadata.files.
{
"artifacts": [
{
"metadata": {
"files": [
// enormous array of info we don't need
]
}
}
]
}Since this value is unnecessary AND huge, we take steps to prevent loading it into memory as much as possible. Since haskell lazily evaluates data by default, and the Data.Map and Data.Map.Lazy internal map structure are strict in keys, but lazy in values, we can potentially remove the files key from this map without ever trying to hold the entire array in memory at once.
The comment is saying "we retain the json-like map structure, but we want to ignore the 'files' field to save a ton of memory."
| case issuesCount issues of | ||
| 0 -> logInfo "Test passed! 0 issues found" | ||
| n -> do | ||
| logError $ "Test failed. Number of issues found: " <> pretty n |
There was a problem hiding this comment.
I know you were mirroring what we do in fossa test right now, but I feel like this should only print if the user has a full API token. Right now I think the user will see the following if they have a push only token.
Test failed. Number of issues found: Check webapp for more details, or use a full-access API key (currently using a push-only API key)
We should probably split these up so the user sees the following with a push only token.
Test failed. Check webapp for more details, or use a full-access API key (currently using a push-only API key)
There was a problem hiding this comment.
Why should this be different from fossa test? Also, why should we hide the number of issues when the count is always sent back?
Signed-off-by: Wesley Van Melle <van.melle.wes@gmail.com>
Fixes fossas/issues#312
Fixes fossas/issues#313
Fixes fossas/issues#314
Fixes fossas/issues#315
See fossas/issues#312 for more info.
Note that this is unlikely to merge until testing is complete, but is ready for review.