Ability to provide a repo URL #319

Open
Jayp0weru5r opened this issue Feb 23, 2021 · 7 comments
Labels
enhancement New feature or request

Comments

@Jayp0weru5r

Is your feature request related to a problem? Please describe.

It can be a bit more difficult to have to download the repo locally to perform a scan.

Describe the solution you'd like

Ability to provide a repo URL so that it gets downloaded to a tmp directory, the analysis is performed, a report is generated, and the downloaded folder is deleted afterwards.

Describe alternatives you've considered

A flag for git integration, --git, that utilizes the git CLI to clone the repo, perform analysis, generate a report and clean up the cloned directory.

Additional context

@Jayp0weru5r Jayp0weru5r added the enhancement New feature or request label Feb 23, 2021
@gfs
Contributor

gfs commented Feb 23, 2021

This sounds like an interesting idea. I think we can do this by calling oss-download.

@gfs
Contributor

gfs commented Feb 23, 2021

oss-download would give us the ability to support download of GitHub sources. @Jayp0weru5r is the code you're working with generally on GitHub?

@gfs
Contributor

gfs commented Feb 23, 2021

See microsoft/OSSGadget#195 for adding support for arbitrary git repo uris to oss-download.

@Jayp0weru5r
Author

> oss-download would give us the ability to support download of GitHub sources. @Jayp0weru5r is the code you're working with generally on GitHub?

@gfs we are also working with Azure DevOps, that is why I was thinking it could leverage git.

@gfs
Contributor

gfs commented Feb 25, 2021

I was mistaken about what we already support in oss-download. Assuming the DevOps feeds are public, you could download them with oss-download, which uses libgit2sharp. We could (need to talk to @guyacosta first) investigate incorporating the oss-download action in Application Inspector.

@Jayp0weru5r

It sounds like your request is:

Given a public URL of a git repo like https://path.to/repo.git, return the Application Inspector results.

Is that correct? If that is the case, it's a matter of hooking up a couple of our libraries (some will first need to be published to NuGet).

On the other hand, if you want to access authenticated feeds, that likely wouldn't be feasible for us to implement and we'd recommend getting the source yourself.

@guyacosta
Contributor

I actually implemented an Azure-based solution that would handle URLs from packages on other repos but which had a link to a downloadable source location on GitHub. Haven't been maintaining it and never published it, but it would do just that and return the results as part of the HTML get request, where you could optionally (not ideal) include credentials for a private repo. Will talk with mngt. team to see if we want to support this and add support for other git repos.

@gfs
Contributor

gfs commented Mar 14, 2021

Depends on microsoft/OSSGadget#196.
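
The clone, scan, report and clean-up flow requested in this issue, as an added shell example; it is not code from Application Inspector or OSSGadget. The function names are hypothetical, the scanner is whatever command the caller passes (the checkout path is appended as its last argument), and only unauthenticated https URLs are accepted, matching the public-repo case discussed in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names): scan a public git repo by URL.

# Accept only https URLs with a plain hostname: no userinfo (embedded
# credentials), no port, no leading dash, no shell or option metacharacters.
validate_repo_url() {
  case $1 in
    https://?*) ;;
    *) return 1 ;;
  esac
  set -- "${1#https://}"              # host/path without the scheme
  case ${1%%/*} in                    # host part only
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  case $1 in                          # host and path together
    *[!A-Za-z0-9._~%/-]*) return 1 ;;
  esac
}

# scan_repo_url URL SCANNER [ARGS...]
# Runs SCANNER ARGS... <checkout-dir>. The scanner must write its report
# outside the checkout, because the whole temp directory is deleted on exit.
# The body is a subshell, so the traps and `exit` stay local to this call.
scan_repo_url() (
  url=$1
  [ "$#" -ge 2 ] || { echo "usage: scan_repo_url URL SCANNER [ARGS...]" >&2; exit 2; }
  shift
  validate_repo_url "$url" || { echo "refusing repo URL: $url" >&2; exit 2; }

  workdir=$(mktemp -d) || exit 1
  trap 'rm -rf "$workdir"' EXIT       # runs on success, failure and `exit`
  trap 'exit 1' HUP INT TERM          # turn signals into a normal exit

  # Never prompt for credentials, let git speak https only, and take a
  # shallow copy of the default branch.
  GIT_TERMINAL_PROMPT=0 git \
      -c protocol.allow=never -c protocol.https.allow=always \
      clone --quiet --depth 1 --no-tags -- "$url" "$workdir/src" \
    && "$@" "$workdir/src"
)
```

A call would look like `scan_repo_url https://path.to/repo.git appinspector analyze -s`, assuming the CLI is installed as `appinspector`; a URL carrying a token is rejected before git ever sees it, so it cannot end up in process listings or clone logs.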
