Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] scanTarget Usage #163

Open
jwise-sncr opened this issue Aug 22, 2024 · 1 comment
Open

[BUG] scanTarget Usage #163

jwise-sncr opened this issue Aug 22, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@jwise-sncr
Copy link

Describe the bug
When using the scanTargets option and specifying either package-lock.json files OR an ANT glob pattern like 'src/**/.js', the scan works great. However, if I specify both the package-lock.json files AND the ANT glob, then only the ANT glob results appear in the scan. Moving the ANT glob to different positions in the list did not change the behavior.

To Reproduce
For an npm project wrapped with Gradle where the src directory contains node_modules instead of a package-lock.json file, a scanTargets option like the following produces results for only the ANT glob pattern.

  scanTargets = [
      'src/**/*.js*',
      'module-a/package-lock.json',
      'module-b/package-lock.json',
      'module-c/package-lock.json'
  ]

Expected behavior
Scan across all targets in the scanTargets list.

Screenshots
n/a

Desktop (please complete the following information):

  • OS: OS X 14.4.1 (aarch64)
  • Gradle Version: 8.8
  • JVM Version and Flavor: Amazon Corretto OpenJDK 64-Bit Server VM 17.0.11+9-LTS (mixed mode, sharing)
  • Nexus IQ Server Version: 174
  • Version: 2.8.3

Additional context
n/a
@jwise-sncr jwise-sncr added the bug Something isn't working label Aug 22, 2024
@guillermo-varela
Copy link
Contributor

@jwise-sncr,

I created a small Gradle project with a similar strucutre as you described and was not able to replicate the issue:

Folder structure:
Screenshot 2024-08-29 at 5 54 01 PM

Plugin configuration:

plugins {
  id 'java'
  id('org.sonatype.gradle.plugins.scan') version '2.8.3'
}

nexusIQScan {
  username = '...'
  password = '...'
  serverUrl = 'http://localhost:8070'
  applicationId = project.name
  scanTargets = [
      'src/**/*.js*',
      'module-a/package-lock.json',
      'module-b/package-lock.json'
  ]
}

Plugin output (only relevant parts shown):

./gradlew clean nexusIQScan
...
Scan target: ...gradle-test/module-a/package-lock.json
Scan target: ...gradle-test/module-b/package-lock.json
Scan target: ...gradle-test/src/axios.min.js
Scan target: ...gradle-test/src/index.js
Scan target: ...gradle-test/src/sub-folder/ramda.min.js
...
2024-08-29T17:57:33.410-05:00 Starting scanning target: ...gradle-test/module-a/package-lock.json
2024-08-29T17:57:33.418-05:00 Starting scanning target: ...gradle-test/module-b/package-lock.json
2024-08-29T17:57:33.431-05:00 Starting scanning target: ...gradle-test/src/axios.min.js
2024-08-29T17:57:33.433-05:00 Starting scanning target: ...gradle-test/src/index.js
2024-08-29T17:57:33.433-05:00 Starting scanning target: ...gradle-test/src/sub-folder/ramda.min.js
2024-08-29T17:57:33.434-05:00 Scanned 5 total files
...
Number of components: 5
...

Evaluation report:
Screenshot 2024-08-29 at 6 02 18 PM

From all the above, all scan targets were included in the resulting report.

Could you please test the attached project and see if that works for you?

Or please provide us with a sample project where the issue occurs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@guillermo-varela @jwise-sncr