[NO TICKET] Remove old feature warnings (#1446)

* Remove gomodules warning.

* Remove native container scanner warning.

* Remove references to the "old" container scanner.

* Update changelog.

Author: csasarak

Changelog.md

@@ -3,6 +3,7 @@
 ## 3.9.28
 
 - Container Scanning: Distroless containers will now return results for non-system dependencies. ([#1448](https://github.com/fossas/fossa-cli/pull/1448))
+- Warnings: Remove warnings about native container scanning and Go packages analysis. ([#1446](https://github.com/fossas/fossa-cli/pull/1446))
 
 ## 3.9.27
 

docs/references/subcommands/container/scanner.md

@@ -1,6 +1,6 @@
-# FOSSA's new container scanner
+# FOSSA's container scanner
 
-- [FOSSA's new container scanner](#fossas-new-container-scanner)
+- [FOSSA's container scanner](#fossas-new-container-scanner)
   - [What's new in this scanner?](#whats-new-in-this-scanner)
 - [Documentation](#documentation)
   - [Container image source](#container-image-source)
@@ -21,28 +21,24 @@
     - [How do I exclude specific projects from container scanning?](#how-do-i-exclude-specific-projects-from-container-scanning)
   - [Limitations & Workarounds](#limitations--workarounds)
 
-## What's new in this scanner?
+## What's supported in FOSSA's container scanner?
 
-FOSSA's new container scanner adds support for compliance and vulnerability checks for application dependencies inside of containers.
+FOSSA's container scanner adds support for compliance and vulnerability checks for application dependencies inside of containers.
 The performance of analysis and support for container image sources is improved, and is more robust for future enhancement.
 
-FOSSA's new container scanner brings support for standard FOSSA CLI features into containers:
+FOSSA's container scanner brings support for standard FOSSA CLI features into containers:
 - Support for configuration via `.fossa.yml`.
 - Support for path filtering (exclusion and inclusion).
 
-Finally, FOSSA's new container scanner improves the user experience and reports more information to FOSSA servers,
-improving both the information available to users and the ability for FOSSA to debug questions or issues.
-For example, images scanned with the container scanner show the origin path for each dependency discovered inside the image, just like analysis of a local project.
-
-Like the legacy container scanner, the container scanner fully supports the detection of OS dependencies (`apk`, `deb`, etc).
+The container scanner fully supports the detection of OS dependencies (`apk`, `deb`, etc).
 
 Refer to following guides for integrating container scanning in your CI,
 
 - [Walthrough: Integrating in Generic CI](./../../../walkthroughs/container-scanning-generic-ci.md)
 
 # Documentation
 
-FOSSA's new container scanner scans the base layer of the image, squashes all other layers, and scans those as well.
+FOSSA's container scanner scans the base layer of the image, squashes all other layers, and scans those as well.
 Scans report compliance and security issues for operating system dependencies and application dependencies.
 
 To scan a container image with `fossa-cli`, use the `container analyze` command:
@@ -203,7 +199,7 @@ All `GET` request from step 2 to step 5, will make `HEAD` call prior to confirm
 
 ## Container image analysis
 
-The new container scanner scans in two steps:
+The container scanner scans in two steps:
 1. The base layer.
 2. The rest of the layers, squashed. 
 
@@ -289,7 +285,7 @@ Example output:
 
 ### Utilize analysis target configuration
 
-The new container scanner supports configuring analysis targets via `.fossa.yml`, as with a standard `fossa analyze` command.
+The container scanner supports configuring analysis targets via `.fossa.yml`, as with a standard `fossa analyze` command.
 For more information on configuring analysis targets, see [analysis target configuration](../../files/fossa-yml.md#analysis-target-configuration).
 
 For example, the following `fossa.yml` excludes all `setuptools` targets:
@@ -366,7 +362,7 @@ fossa container analyze <IMAGE> -c .fossa.config.yaml --output
 
 ## Limitations & Workarounds
 
-`fossa-cli` using the container scanner does not support [v1 docker manifest format](https://docs.docker.com/registry/spec/manifest-v2-1/).
+`fossa-cli` does not support [v1 docker manifest format](https://docs.docker.com/registry/spec/manifest-v2-1/).
 This manifest format is officially deprecated, but is still found in some registries.
 
 The recommended workaround is to export the image to an archive, then analyze that:

src/App/Fossa/Container.hs

@@ -2,7 +2,6 @@ module App.Fossa.Container (
   containerSubCommand,
 ) where
 
-import App.Docs (fossaContainerScannerUrl)
 import App.Fossa.Config.Container (
   ContainerAnalyzeConfig (usesExperimentalScanner),
   ContainerCommand,
@@ -13,19 +12,16 @@ import App.Fossa.Container.AnalyzeNative qualified as AnalyzeNative
 import App.Fossa.Container.ListTargets (listTargets)
 import App.Fossa.Container.Test qualified as Test
 import App.Fossa.Subcommand (SubCommand)
-import App.Support (supportUrl)
 import Control.Effect.Diagnostics (
   Diagnostics,
   Has,
  )
 import Control.Effect.Lift (Lift)
 import Control.Effect.Telemetry (Telemetry)
-import Control.Monad (void)
+import Control.Monad (void, when)
 import Effect.Exec (Exec)
 import Effect.Logger (
   Logger,
-  Pretty (pretty),
-  indent,
   logWarn,
   vsep,
  )
@@ -46,37 +42,18 @@ dispatch ::
   m ()
 dispatch = \case
   AnalyzeCfg cfg -> do
-    if (usesExperimentalScanner cfg)
-      then
-        logWarn $
-          vsep
-            [ "DEPRECATION NOTICE"
-            , ""
-            , "The 'experimental' container scanner is now the only available scanner, and is enabled automatically."
-            , ""
-            , "The --experimental-scanner flag is now deprecated, and has no effect."
-            , "In the future, using this flag will cause a fatal error."
-            , "To avoid these errors, remove the flag from your fossa commands."
-            , ""
-            ]
-      else
-        logWarn $
-          vsep
-            [ "NOTICE"
-            , ""
-            , "FOSSA CLI is using new native container scanner, which scans for application"
-            , "dependencies in the container image by default. To only scan for system"
-            , "dependencies, provide `--only-system-deps` flag."
-            , ""
-            , "To learn more,"
-            , indent 4 $ pretty fossaContainerScannerUrl
-            , ""
-            , "In future release of FOSSA CLI, this notice will not be displayed."
-            , ""
-            , "If you are running into a performance issue or poor results on image analysis"
-            , "with new scanner, please contact FOSSA support at:"
-            , indent 4 $ pretty supportUrl
-            ]
+    when (usesExperimentalScanner cfg) $
+      logWarn $
+        vsep
+          [ "DEPRECATION NOTICE"
+          , ""
+          , "The 'experimental' container scanner is now the only available scanner, and is enabled automatically."
+          , ""
+          , "The --experimental-scanner flag is now deprecated, and has no effect."
+          , "In the future, using this flag will cause a fatal error."
+          , "To avoid these errors, remove the flag from your fossa commands."
+          , ""
+          ]
 
     void $ AnalyzeNative.analyzeExperimental cfg
   TestCfg cfg -> Test.test cfg

src/Strategy/Gomodules.hs

@@ -13,7 +13,6 @@ import Control.Effect.Diagnostics (Diagnostics, context, fatalText, recover, (<|
 import Control.Effect.Reader (Reader, asks)
 import Control.Monad (when)
 import Data.Aeson (ToJSON)
-import Data.String.Conversion (toText)
 import Data.Text (Text)
 import Discovery.Filters (AllFilters)
 import Discovery.Simple (simpleDiscover)
@@ -23,12 +22,10 @@ import Discovery.Walk (
   walkWithFilters',
  )
 import Effect.Exec (Exec, Has)
-import Effect.Logger (Logger, logInfo, redText)
 import Effect.ReadFS (ReadFS)
 import GHC.Generics (Generic)
 import Graphing (Graphing)
 import Path (Abs, Dir, File, Path)
-import Prettyprinter (line, nest, pretty)
 import Strategy.Go.GoListPackages qualified as GoListPackages
 import Strategy.Go.Gomod qualified as Gomod
 import Strategy.Go.Gostd (GoStdlibDep, filterGoStdlibPackages, listGoStdlibPackages)
@@ -70,7 +67,7 @@ mkProject project =
     , projectData = project
     }
 
-getDeps :: (Has Exec sig m, Has ReadFS sig m, Has Logger sig m, Has Diagnostics sig m) => GomodulesProject -> GoDynamicTactic -> m DependencyResults
+getDeps :: (Has Exec sig m, Has ReadFS sig m, Has Diagnostics sig m) => GomodulesProject -> GoDynamicTactic -> m DependencyResults
 getDeps project goDynamicTactic = do
   (graph, graphBreadth) <- context "Gomodules" $ dynamicAnalysis <||> staticAnalysis
   stdlib <- recover . context "Collect go standard library information" . listGoStdlibPackages $ gomodulesDir project
@@ -90,25 +87,12 @@ getDeps project goDynamicTactic = do
     staticAnalysis :: (Has Exec sig m, Has ReadFS sig m, Has Diagnostics sig m) => m (Graphing Dependency, GraphBreadth)
     staticAnalysis = context "Static analysis" (Gomod.analyze' (gomodulesGomod project))
 
-    dynamicAnalysis :: (Has Exec sig m, Has Logger sig m, Has Diagnostics sig m) => m (Graphing Dependency, GraphBreadth)
+    dynamicAnalysis :: (Has Exec sig m, Has Diagnostics sig m) => m (Graphing Dependency, GraphBreadth)
     dynamicAnalysis =
       context "Dynamic analysis" $ do
         when (goDynamicTactic == GoPackagesBasedTactic) $
           warn @Text
             "--experimental-use-v3-go-resolver is now deprecated because the v3 resolver is the default. \
             \This option will be removed in a future release and result in an error."
 
-        res <- context "analysis using go list (V3 Resolver)" (GoListPackages.analyze (gomodulesDir project))
-
-        logInfo $
-          redText "NOTE: "
-            <> nest
-              1
-              ( pretty (toText . gomodulesDir $ project)
-                  <> " analyzed using V3 Go Resolver."
-                  <> line
-                  <> "As of v3.8.5 we have changed our dynamic Go strategy. If you've analyzed this project before, results may have changed."
-                  <> line
-                  <> "See https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/v3-go-resolver-transition-qa.md for more information."
-              )
-        pure res
+        context "analysis using go list (V3 Resolver)" (GoListPackages.analyze (gomodulesDir project))