Closed miki725 closed 4 weeks ago
With this PR, we now only test the run-via-docker approach, right? Should we test the case where docker is not available? If yes, I'm OK with us leaving that until later (and opening a ticket to track it) if you're also happy with that.
had to adjust some things but done in 9db4f14
(#314)
CHANGELOG.md if necessary

Description
Previously chalk would always try to install the external tool on the host system, which in some cases required some system dependencies like pipx or python3 to be available for semgrep. Right now the precedence is:

This should minimize any external system dependencies and should allow bundling any tool configs in a container, which can be customized via the config:
In addition some logging was improved in tool runtime to help in debugging what tool ran and what keys it generated.
Also, semgrep ci does not allow specifying a target for scanning, which means that it was always scanning cwd(), which is incorrect, for example, in the case of docker builds when the context is outside of cwd(). Now semgrep scan is used, which allows specifying a target for scanning.

Testing