rancherlabs / drone-plugin-fossa

Drone plugin for FOSSA
https://plugins.drone.io/plugins/plugin-fossa
Apache License 2.0

Fossa plugin is not auto-detecting Go for fossa analyze in a Go project #8

Closed rosskirkpat closed 2 years ago

rosskirkpat commented 2 years ago

The fossa plugin is auto-detecting the incorrect language for a repo. https://drone-publish.rancher.io/rancher/rke2/1573/1/3

It looks like it's picking up some drone base-AMI artifacts in the root direct

[ INFO] Analyzing setuptools project at /drone/src/contrib/custom-image-kubelet/

One solution may be to add a WORKDIR that is a clean directory outside of the root of the image in the Dockerfile. https://github.com/rancherlabs/drone-plugin-fossa/blob/main/Dockerfile#L10

oxr463 commented 2 years ago

That path is part of the rancher/rke2 repository:

I'm not sure what the purpose of that Python script is (other than what is mentioned in the README.md file), but it seems like FOSSA is detecting that requirements.txt file and the *.py files and assuming Python.

If you look at this line:

[ INFO] Analyzing gomod project at /drone/src/

It seems to also be scanning the Go code. We can even see the Go dependencies in the report.

The current working directory for the image defaults to / as can be seen below:

docker run --entrypoint /bin/sh -e PLUGIN_API_KEY="" -it rancher/drone-fossa
/ # pwd
/
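
To see before a scan which directories would show up as separate projects, the check below lists manifest files by directory. It is an added example, not part of the thread or of the plugin's code. The function names and the manifest-to-type mapping (go.mod as gomod; setup.py and requirements*.txt as setuptools) are assumptions chosen to match the two log lines quoted above, and FOSSA's own discovery rules may cover more files.

```shell
#!/bin/sh
# Added example: predict which directories a manifest-based scanner would
# treat as projects. The mapping below is an assumption based on the
# "setuptools" and "gomod" log lines quoted in the thread.

# list_manifest_targets DIR
# Prints one "<type> <directory>" line per directory that holds a manifest.
list_manifest_targets() {
    root=${1:-.}
    # Skip VCS metadata; report only regular files with a known manifest name.
    find "$root" -name .git -prune -o \
        -type f \( -name go.mod -o -name setup.py -o -name 'requirements*.txt' \) -print |
    while IFS= read -r manifest; do
        case ${manifest##*/} in
            go.mod) kind=gomod ;;
            *)      kind=setuptools ;;
        esac
        printf '%s %s\n' "$kind" "$(dirname "$manifest")"
    done | sort -u   # setup.py + requirements.txt in one directory count once
}

# unexpected_targets DIR EXPECTED_TYPE
# Prints only the targets whose type differs from the one the repo is
# expected to be (for example "gomod" for a Go repository).
unexpected_targets() {
    list_manifest_targets "$1" | awk -v want="$2" '$1 != want'
}
```

Run from the checkout root as `unexpected_targets . gomod`; any line it prints is a directory that would be analyzed as something other than Go.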