@attiasas attiasas commented Dec 15, 2025

  • All tests have passed. If this feature is not already covered by the tests, new tests have been added.
  • The pull request is targeting the master branch.
  • The code has been validated to compile successfully by running go vet ./....
  • The code has been formatted properly using go fmt ./....

Depends on:

Note: There is still an issue parsing flags/arguments.
This PR only fixes that the inner docker scan cmd flags will be parsed as flags and not arguments.
For the scan to work you need to run: docker scan <img> [flags] (arguments before flags)

return true
}

func getDockerFlags() []cli.Flag {
Contributor

No test?

Collaborator Author

added

// Avoiding flag duplication
for _, f := range converted {
if !flagNames.Exists(f.GetName()) {
flagList = append(flagList, f)
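
Review bot: In the duplicate check inside the loop over converted, the visible lines append f to flagList without recording f.GetName() in flagNames. If converted can itself contain two flags with the same name, both would be appended. Consider adding the name to flagNames right after the append, unless the lines below this excerpt already do so.
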
Contributor

Why not use flagNames in the whole method and then convert it to a slice?

Collaborator Author

If we do it, when converting to a slice you will need to go over the 2 sources of flags to locate where it is.
flagNames is used only so we can quickly validate whether a flag already exists. I can switch it to just check if the slice contains the value and remove flagNames from the func... IMO it's ok like this.

@github-actions
Contributor

👍 Frogbot scanned this pull request and did not find any new security issues.


@attiasas attiasas requested a review from RemiBou December 30, 2025 07:53
@ehl-jf
Contributor

ehl-jf commented Dec 31, 2025

@attiasas What about creating a new function like https://github.com/jfrog/jfrog-cli/blob/master/buildtools/cli.go#L1131, for example extractDockerScanOptionsFromArgs, and adding additional options to securityCLI.DockerScan to provide the security's specific options?
