Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Handle osvscanner errors on projects with no dependencies #3803

Merged
merged 3 commits into from
Jan 19, 2024
Merged

🐛 Handle osvscanner errors on projects with no dependencies #3803

merged 3 commits into from
Jan 19, 2024

Conversation

spencerschrock
Copy link
Contributor

What kind of change does this PR introduce?

bug fix

What is the current behavior?

osvscanner.DoScan throws an error when no packages are found. This bubbles up to the Vulnerabilities check as a runtime error.

What is the new behavior (if this is a feature change)?**

We ignore osvscanner.NoPackagesFoundErr.

  • Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Fixes #3802

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Projects without dependencies or packages no longer throw an error for the Vulnerabilities check.

@spencerschrock
handle osv errors for projects without packages
090d7fe 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock spencerschrock requested a review from a team as a code owner January 17, 2024 21:16
@spencerschrock spencerschrock requested review from justaugustus and laurentsimon and removed request for a team January 17, 2024 21:16
@codecov Codecov
Copy link

codecov bot commented Jan 17, 2024
edited
Loading

Codecov Report

Merging #3803 (b43e47b) into main (51f1732) will decrease coverage by 6.77%.
The diff coverage is 100.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3803      +/-   ##
==========================================
- Coverage   75.48%   68.72%   -6.77%     
==========================================
  Files         230      230              
  Lines       15622    15624       +2     
==========================================
- Hits        11793    10737    -1056     
- Misses       3103     4231    +1128     
+ Partials      726      656      -70

@spencerschrock
make test parallel
885811d 
Signed-off-by: Spencer Schrock <sschrock@google.com>
@spencerschrock
Copy link
Contributor Author

/scdiff generate Vulnerabilities

@github-actions GitHub Actions
Copy link

Here's a link to the scdiff run

@spencerschrock spencerschrock enabled auto-merge (squash) January 19, 2024 19:04
@spencerschrock spencerschrock merged commit b556d93 into ossf:main Jan 19, 2024
38 checks passed
@spencerschrock spencerschrock deleted the fix/osv-no-packages branch January 19, 2024 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@another-rex another-rex another-rex left review comments

@laurentsimon laurentsimon laurentsimon approved these changes

@justaugustus justaugustus Awaiting requested review from justaugustus justaugustus is a code owner automatically assigned from ossf/scorecard-maintainers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BUG: Running checks with --local option
3 participants
@spencerschrock @laurentsimon @another-rex