Skip to content

Only scan recursively if SCA is requested #632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
attiasas merged 3 commits into from
Dec 31, 2025
Merged

Only scan recursively if SCA is requested #632

attiasas merged 3 commits into from
Dec 31, 2025

Conversation

@attiasas
Copy link
Contributor

@attiasas attiasas commented Dec 29, 2025

  • The pull request is targeting the dev branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....
  • All static analysis checks passed.
  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • Updated the Contributing page / ReadMe page / CI Workflow files if needed.
  • All changes are detailed at the description. if not already covered at JFrog Documentation, new documentation have been added.

We offer the user option to detect sub directories in the root dir, in order to scan each of them with SCA correctly.

Users can choose not to scan recursevely by providing --working-dirs=. flag value.

This PR improve this logic and will not detect sub directortiesto scan in case only JAS scan requested (i.e no SCA or SBOM)

@attiasas attiasas added improvement Automatically generated release notes safe to test Approve running integration tests on a pull request labels Dec 29, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 29, 2025
@attiasas attiasas mentioned this pull request Dec 29, 2025
Closed
2 tasks
@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Dec 31, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 31, 2025
eyalk007
eyalk007 reviewed Dec 31, 2025
View reviewed changes
commands/audit/audit.go
// If no workingDirs were provided by the user, we apply a recursive scan on the root repository
} else if utils.IsScanRequested(utils.SourceCode, utils.ScaScan, auditCmd.ScansToPerform()...) || auditCmd.IncludeSbom {
// Only in case of SCA scan / SBOM requested and if no workingDirs were provided by the user
// We apply a recursive scan on the root repository
Copy link
Contributor

@eyalk007 eyalk007 Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove the second comment the first one understands the why the code itself explains the what

@attiasas attiasas added the safe to test Approve running integration tests on a pull request label Dec 31, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Dec 31, 2025
@github-actions
Copy link

github-actions bot commented Dec 31, 2025

👍 Frogbot scanned this pull request and did not find any new security issues.

@attiasas attiasas merged commit b08280a into jfrog:dev Dec 31, 2025
62 checks passed
@attiasas attiasas deleted the only_jas_one_target branch December 31, 2025 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eyalk007 eyalk007 eyalk007 approved these changes

@eranturgeman eranturgeman Awaiting requested review from eranturgeman

@orto17 orto17 Awaiting requested review from orto17

Assignees

No one assigned

Labels

improvement Automatically generated release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@attiasas @eyalk007