🐛 Added CLI output for --probes #4391

Closed
wants to merge 2 commits into from

eddie-knight
Contributor

What kind of change does this PR introduce?

🐛 Bugfix

What is the current behavior?

% go run main.go --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e --probes=fuzzed
Starting probe [fuzzed]
Finished probe fuzzed
Aggregate score: ?

Check scores:
|-------|------|--------|---------------------------|
| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|-------|------|--------|---------------------------|

What is the new behavior (if this is a feature change)?

% go run main.go --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e --probes=fuzzed
Starting probe [fuzzed]
Finished probe fuzzed
[fuzzed] Remediation required: Setup one of tools we currently detect https://github.com/ossf/scorecard/blob/main/docs/checks/fuzzing/README.md.
  • Tests for the changes have been added (for bug fixes/features)

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to
the release-note

(In particular, describe what changes users might need to make in their
application as a result of this pull request.)

Cleaned up the CLI output when running specific probes via --probes

github-actions bot commented Nov 4, 2024

This pull request has been marked stale because it has been open for 10 days with no activity

@github-actions github-actions bot added the Stale label Nov 4, 2024
@spencerschrock
Member

Cleaned up the CLI output when running specific probes via --probes

I'll note there's also --format probe which will display everything in a probe specific JSON format. But adding more detail to the default output seems reasonable too.

go run main.go --repo=github.com/ossf-tests/scorecard-check-branch-protection-e2e --probes=fuzzed --format probe | jq
{
  "date": "2024-11-04",
  "repo": {
    "name": "github.com/ossf-tests/scorecard-check-branch-protection-e2e",
    "commit": "12ae42962014ee9aeb01d991ee2cd799ad6de659"
  },
  "scorecard": {
    "version": "devel",
    "commit": "unknown"
  },
  "findings": [
    {
      "remediation": {
        "text": "Setup one of tools we currently detect https://github.com/ossf/scorecard/blob/main/docs/checks/fuzzing/README.md.",
        "markdown": "Setup one of [tools we currently detect](https://github.com/ossf/scorecard/blob/main/docs/checks/fuzzing/README.md).",
        "effort": 3
      },
      "probe": "fuzzed",
      "message": "no fuzzer integrations found",
      "outcome": "False"
    }
  ]
}
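
A consumer for the `--format probe` JSON shown in the comment above, as an added example that is not part of the thread or of the Scorecard code base: it renders each finding as one line in the form the PR proposes, to whichever `io.Writer` the caller picks. The `Summarize` function, the `exampleProbe` finding, the "True" outcome spelling and the absence of `remediation` on passing findings are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

type finding struct { // only the fields visible in the JSON quoted above
	Probe       string `json:"probe"`
	Message     string `json:"message"`
	Outcome     string `json:"outcome"`
	Remediation *struct{ Text string `json:"text"` } `json:"remediation"` // assumed absent when nothing needs fixing
}

// Constructed sample: first finding trimmed from the output above, second ("exampleProbe") made up.
const sample = `{"findings":[
 {"remediation":{"text":"Setup one of tools we currently detect https://github.com/ossf/scorecard/blob/main/docs/checks/fuzzing/README.md."},"probe":"fuzzed","message":"no fuzzer integrations found","outcome":"False"},
 {"probe":"exampleProbe","message":"constructed passing finding","outcome":"True"}]}`

// Summarize writes one line per finding to w and returns how many had outcome "False".
func Summarize(r io.Reader, w io.Writer) (int, error) {
	var rep struct{ Findings []finding `json:"findings"` }
	if err := json.NewDecoder(r).Decode(&rep); err != nil {
		return 0, fmt.Errorf("decode probe report: %w", err)
	}
	failed := 0
	for _, f := range rep.Findings {
		if f.Outcome == "False" {
			failed++
		}
		switch {
		case f.Outcome == "False" && f.Remediation != nil: // nil check before reading Text
			fmt.Fprintf(w, "[%s] Remediation required: %s\n", f.Probe, f.Remediation.Text)
		case f.Outcome == "True": // assumed spelling of the passing outcome
			fmt.Fprintf(w, "[%s] Passed: %s\n", f.Probe, f.Message)
		default: // any other outcome is printed verbatim, never as "Passed"
			fmt.Fprintf(w, "[%s] %s: %s\n", f.Probe, f.Outcome, f.Message)
		}
	}
	return failed, nil
}

func main() {
	n, err := Summarize(strings.NewReader(sample), os.Stdout)
	fmt.Fprintln(os.Stderr, "findings with outcome False:", n, "error:", err)
}
```
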

Signed-off-by: Eddie Knight <[email protected]>

Applied review feedback

Signed-off-by: Eddie Knight <[email protected]>

Apply suggestions from code review

Signed-off-by: Eddie Knight <[email protected]>

typofix

Signed-off-by: Eddie Knight <[email protected]>
Comment on lines +214 to +216
fmt.Fprintf(os.Stderr, "[%s] Remediation required: %s\n", result.Probe, result.Remediation.Text)
} else {
fmt.Fprintf(os.Stderr, "[%s] Passed: %s\n", result.Probe, result.Message)
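Review bot: both Fprintf calls at +214 to +216 write the probe result to os.Stderr, so the per-probe lines are not captured when a caller reads stdout or directs results to a file with --output; consider writing them to the same writer as the rest of the results. The first call also reads result.Remediation.Text, and the guarding condition is not visible in these lines, so confirm it checks that Remediation is set before the dereference. The else branch labels every remaining result "Passed", which would mislabel a result whose outcome is neither a pass nor a failure if one can reach this branch.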
Member

@spencerschrock spencerschrock Nov 7, 2024

How important are these exact phrases to your use case? Just informational?
I ask because I may want this cleaned up in the future/follow-up to be part of AsString. I'm not sure what it would look like, but being able to send the string to os.Stdout or the specified --output file would be good long-term.

@eddie-knight
Contributor Author

I lost momentum on this effort, and I'm not sure it's entirely relevant since we now know that there is a solution via --output. I'm closing this for now to clear it from the repo's PR backlog.
