making inventory not store any packages anymore simplifying its usage…

… especially for scanning multiple repos at the same time
boostsecurityio · Nov 20, 2024 · cea0f53 · cea0f53
1 parent f6ac29b
commit cea0f53
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 33 deletions.
diff --git a/analyze/analyze.go b/analyze/analyze.go
@@ -114,13 +114,15 @@ func (a *Analyzer) AnalyzeOrg(ctx context.Context, org string, numberOfGoroutine
 	}
 	goRoutineLimitSem := semaphore.NewWeighted(int64(maxGoroutines))
 
+	scannedPackages := make([]*models.PackageInsights, 0)
+
 	pkgChan := make(chan *models.PackageInsights)
 	pkgWg := sync.WaitGroup{}
 	pkgWg.Add(1)
 	go func() {
 		defer pkgWg.Done()
 		for pkg := range pkgChan {
-			inventory.Packages = append(inventory.Packages, pkg)
+			scannedPackages = append(scannedPackages, pkg)
 		}
 	}()
 
@@ -198,7 +200,7 @@ func (a *Analyzer) AnalyzeOrg(ctx context.Context, org string, numberOfGoroutine
 
 	_ = bar.Finish()
 
-	return a.finalizeAnalysis(ctx, inventory)
+	return a.finalizeAnalysis(ctx, scannedPackages)
 }
 
 func (a *Analyzer) AnalyzeRepo(ctx context.Context, repoString string, ref string) error {
@@ -240,13 +242,13 @@ func (a *Analyzer) AnalyzeRepo(ctx context.Context, repoString string, ref strin
 		return err
 	}
 
-	err = inventory.AddScanPackage(ctx, *pkg, tempDir)
+	scannedPackage, err := inventory.ScanPackage(ctx, *pkg, tempDir)
 	if err != nil {
 		return err
 	}
 	_ = bar.Finish()
 
-	return a.finalizeAnalysis(ctx, inventory)
+	return a.finalizeAnalysis(ctx, []*models.PackageInsights{scannedPackage})
 }
 
 func (a *Analyzer) AnalyzeLocalRepo(ctx context.Context, repoPath string) error {
@@ -277,20 +279,20 @@ func (a *Analyzer) AnalyzeLocalRepo(ctx context.Context, repoPath string) error
 		return err
 	}
 
-	err = inventory.AddScanPackage(ctx, *pkg, repoPath)
+	scannedPackage, err := inventory.ScanPackage(ctx, *pkg, repoPath)
 	if err != nil {
 		return err
 	}
 
-	return a.finalizeAnalysis(ctx, inventory)
+	return a.finalizeAnalysis(ctx, []*models.PackageInsights{scannedPackage})
 }
 
 type Formatter interface {
 	Format(ctx context.Context, packages []*models.PackageInsights) error
 }
 
-func (a *Analyzer) finalizeAnalysis(ctx context.Context, inventory *scanner.Inventory) error {
-	err := a.Formatter.Format(ctx, inventory.Packages)
+func (a *Analyzer) finalizeAnalysis(ctx context.Context, scannedPackages []*models.PackageInsights) error {
+	err := a.Formatter.Format(ctx, scannedPackages)
 	if err != nil {
 		return err
 	}

diff --git a/scanner/inventory.go b/scanner/inventory.go
@@ -14,34 +14,21 @@ type ReputationClient interface {
 }
 
 type Inventory struct {
-	Packages        []*models.PackageInsights
-	providerVersion string
-	provider        string
-
 	opa             *opa.Opa
 	pkgsupplyClient ReputationClient
+	providerVersion string
+	provider        string
 }
 
 func NewInventory(opa *opa.Opa, pkgSupplyClient ReputationClient, provider string, providerVersion string) *Inventory {
 	return &Inventory{
-		Packages:        make([]*models.PackageInsights, 0),
 		opa:             opa,
 		pkgsupplyClient: pkgSupplyClient,
 		provider:        provider,
 		providerVersion: providerVersion,
 	}
 }
 
-func (i *Inventory) AddScanPackage(ctx context.Context, pkgInsights models.PackageInsights, workdir string) error {
-	refPkgInsights, err := i.ScanPackage(ctx, pkgInsights, workdir)
-	if err != nil {
-		return err
-	}
-
-	i.Packages = append(i.Packages, refPkgInsights)
-	return nil
-}
-
 func (i *Inventory) ScanPackage(ctx context.Context, pkgInsights models.PackageInsights, workdir string) (*models.PackageInsights, error) {
 	inventoryScanner := NewInventoryScanner(workdir)
 

diff --git a/scanner/inventory_scanner_test.go b/scanner/inventory_scanner_test.go
@@ -68,14 +68,13 @@ func TestRun(t *testing.T) {
 
 	i := NewInventory(o, nil, "github", "")
 
-	err := i.AddScanPackage(context.TODO(), *pkgInsights, workdir)
-
-	assert.Nil(t, err)
+	scannedPackage, err := i.ScanPackage(context.TODO(), *pkgInsights, workdir)
+	assert.NoError(t, err)
 
-	assert.Contains(t, i.Packages[0].BuildDependencies, "pkg:githubactions/actions/checkout@v4")
-	assert.Contains(t, i.Packages[0].PackageDependencies, "pkg:githubactions/actions/github-script@main")
-	assert.Contains(t, i.Packages[0].PackageDependencies, "pkg:docker/alpine%3Alatest")
-	assert.Equal(t, 3, len(i.Packages[0].GitlabciConfigs))
+	assert.Contains(t, scannedPackage.BuildDependencies, "pkg:githubactions/actions/checkout@v4")
+	assert.Contains(t, scannedPackage.PackageDependencies, "pkg:githubactions/actions/github-script@main")
+	assert.Contains(t, scannedPackage.PackageDependencies, "pkg:docker/alpine%3Alatest")
+	assert.Equal(t, 3, len(scannedPackage.GitlabciConfigs))
 }
 
 func TestPipelineAsCodeTekton(t *testing.T) {

diff --git a/scanner/inventory_test.go b/scanner/inventory_test.go
@@ -64,10 +64,10 @@ func TestFindings(t *testing.T) {
 	}
 	_ = pkg.NormalizePurl()
 
-	err := i.AddScanPackage(context.Background(), *pkg, "testdata")
-	assert.Nil(t, err)
+	scannedPackage, err := i.ScanPackage(context.Background(), *pkg, "testdata")
+	assert.NoError(t, err)
 
-	analysisResults := i.Packages[0].FindingsResults
+	analysisResults := scannedPackage.FindingsResults
 
 	rule_ids := []string{}
 	for _, r := range analysisResults.Rules {