Closed rosskirkpat closed 2 years ago
That path is part of the rancher/rke2 repository:
I'm not sure what the purpose of that python script is (other than what is mentioned in the README.md file), but it seems like FOSSA is detecting that requirements.txt
file and the *.py
files and assuming Python.
If you look at this line:
[ INFO] Analyzing gomod project at /drone/src/
It seems to also be scanning the go code. We can even see the go dependencies in the report.
The current working directory for the image defaults to /
as can be seen below:
docker run --entrypoint /bin/sh -e PLUGIN_API_KEY="" -it rancher/drone-fossa
/ # pwd
/
The fossa plugin is auto-detecting the incorrect language for a repo. https://drone-publish.rancher.io/rancher/rke2/1573/1/3
It looks like it's picking up some drone base-AMI artifacts in the root direct
One solution may be to add a WORKDIR that is a clean directory outside of the root of the image in the Dockerfile. https://github.com/rancherlabs/drone-plugin-fossa/blob/main/Dockerfile#L10