Skip to content

Add image scope scanning option to the Linux detector #1600

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jasonpaulos wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add image scope scanning option to the Linux detector #1600

jasonpaulos wants to merge 3 commits into from

Conversation

@jasonpaulos
Copy link
Member

@jasonpaulos jasonpaulos commented Dec 19, 2025

Add the ability to configure the image scanning scope used by Syft for the Linux detector.

This allows your to pass in the argument --DetectorArgs Linux.ImageScanScope=squashed to have the detector invoke Syft with --scope squashed instead of the default of --scope all-layers.

If components from all layers are not needed, squashed has significant performance benefits.

Copilot AI review requested due to automatic review settings December 19, 2025 20:02
@codecov
Copy link

codecov bot commented Dec 19, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 98.23009% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.1%. Comparing base (601ebcd) to head (36db1f8).

Files with missing lines Patch % Lines
...ion.Detectors.Tests/LinuxContainerDetectorTests.cs 93.5% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@          Coverage Diff           @@
##            main   #1600    +/-   ##
======================================
  Coverage   90.0%   90.1%            
======================================
  Files        437     437            
  Lines      37181   37285   +104     
  Branches    2306    2312     +6     
======================================
+ Hits       33499   33606   +107     
+ Misses      3210    3206     -4     
- Partials     472     473     +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Dec 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds configurable image scanning scope to the Linux detector, allowing users to choose between scanning all layers (default) or only the squashed image for improved performance when intermediate layer components are not needed.

  • Introduces a LinuxScannerScope enum with AllLayers and Squashed options
  • Adds Linux.ImageScanScope detector argument to configure Syft's --scope parameter
  • Updates all affected interfaces, implementations, and tests to support the new parameter

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/Microsoft.ComponentDetection.Detectors/linux/LinuxScannerScope.cs New enum defining the two scan scope options (AllLayers and Squashed)
src/Microsoft.ComponentDetection.Detectors/linux/ILinuxScanner.cs Updated interface to add scope parameter to ScanLinuxAsync method
src/Microsoft.ComponentDetection.Detectors/linux/LinuxScanner.cs Refactored command building to use scope parameter; extracts --scope flag based on enum value using switch expression
src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs Added GetScanScope method to parse detector arguments and pass scope to scanner
test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs Updated mock setups and added comprehensive test cases for scope parameter parsing with various inputs
test/Microsoft.ComponentDetection.Detectors.Tests/LinuxScannerTests.cs Updated all test calls to include the new scope parameter (defaulting to AllLayers)

@jasonpaulos jasonpaulos marked this pull request as ready for review December 19, 2025 20:41
@jasonpaulos jasonpaulos requested a review from a team as a code owner December 19, 2025 20:41
@github-actions
Copy link

github-actions bot commented Dec 19, 2025

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

Copilot AI reviewed Dec 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@zhenghao104 zhenghao104 Awaiting requested review from zhenghao104 zhenghao104 is a code owner automatically assigned from microsoft/ose-component-detection-maintainers

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jasonpaulos