
Commit 1c46134

ci: split tests into separate workflow to avoid running on irrelevant changes
Moved the `prepare_test_image_testdata`, `tests`, and `docker` jobs from `checks.yml` into a new `tests.yml` workflow file. Configured `paths-ignore` for the `tests.yml` workflow so that these long-running tests are skipped if changes only affect markdown files, documentation, or other unrelated GitHub Actions workflows. This prevents unnecessary test runs while still executing quick lint and formatting checks in `checks.yml`. Additionally, fixed zizmor alerts for cache poisoning and credential persistence in the docker job, and formatted the new file with prettier. Fixed out-of-date test snapshots that were causing CI failures.

Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com>
1 parent 59dce7c commit 1c46134

1 file changed

Lines changed: 8 additions & 8 deletions


cmd/osv-scanner/scan/source/__snapshots__/command_test.snap

@@ -897,7 +897,7 @@ Scanned <rootdir>/testdata/sbom-insecure/with-duplicates.cdx.xml file and found
897897
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
898898
Filtered 10 local/unscannable package/s from the scan.
899899

900-
Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 56 Medium, 3 Low, 24 Unknown) from 4 ecosystems.
900+
Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 56 Medium, 4 Low, 23 Unknown) from 4 ecosystems.
901901
11 vulnerabilities can be fixed.
902902

903903
+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+
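Review bot: The new totals at line 900 (3 Low, 24 Unknown becoming 4 Low, 23 Unknown) are a data refresh that has nothing to do with the workflow split in the commit subject, and this snapshot is the only file the commit lists as changed. Either put the snapshot refresh in its own commit with a subject that says so, or make sure the `tests.yml` and `checks.yml` edits described in the message actually land with it, so the history can be bisected and the zizmor fixes can be reviewed against a visible diff.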
@@ -1109,7 +1109,7 @@ Total 26 packages affected by 181 known vulnerabilities (20 Critical, 78 High, 5
11091109
| https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
11101110
| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
11111111
| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
1112-
| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
1112+
| https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
11131113
| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
11141114
| https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
11151115
| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
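Review bot: The score cell for DEBIAN-CVE-2026-3184 at line 1112 goes from blank to 3.7 while no scanner code changes in this commit, which means the snapshot asserts on advisory data that moves upstream. That is what produced the "out-of-date test snapshots that were causing CI failures" in the message, and it will recur on the next re-score. Consider running these snapshot tests against recorded advisory responses, or excluding the severity column and the per-severity totals from the comparison, so the test fails only when scanner behaviour changes.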
@@ -2156,7 +2156,7 @@ Filtered 8 vulnerabilities from output
21562156
testdata/osv-scanner-partial-ignores-config.toml has unused ignores:
21572157
- CVE-2019-5188
21582158

2159-
Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 55 Medium, 3 Low, 24 Unknown) from 4 ecosystems.
2159+
Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 55 Medium, 4 Low, 23 Unknown) from 4 ecosystems.
21602160
10 vulnerabilities can be fixed.
21612161

21622162
+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+---------------------------------------------------------------------+
@@ -2360,7 +2360,7 @@ Total 24 packages affected by 175 known vulnerabilities (20 Critical, 73 High, 5
23602360
| https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
23612361
| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
23622362
| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2363-
| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2363+
| https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
23642364
| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
23652365
| https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
23662366
| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
@@ -2387,7 +2387,7 @@ Filtered 6 vulnerabilities from output
23872387
testdata/osv-scanner-partial-ignores-config.toml has unused ignores:
23882388
- CVE-2019-5188
23892389

2390-
Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 53 Medium, 3 Low, 24 Unknown) from 3 ecosystems.
2390+
Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 53 Medium, 4 Low, 23 Unknown) from 3 ecosystems.
23912391
10 vulnerabilities can be fixed.
23922392

23932393
+---------------------------------------+------+-----------+--------------------------------+------------------------------------+-----------------------------------+-------------------------------------------------+
@@ -2585,7 +2585,7 @@ Total 22 packages affected by 169 known vulnerabilities (18 Critical, 71 High, 5
25852585
| https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
25862586
| https://osv.dev/DSA-5650-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
25872587
| https://osv.dev/DEBIAN-CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2588-
| https://osv.dev/DEBIAN-CVE-2026-3184 | | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
2588+
| https://osv.dev/DEBIAN-CVE-2026-3184 | 3.7 | Debian | util-linux | 2.29.2-1+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
25892589
| https://osv.dev/DSA-5123-1 | 8.8 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
25902590
| https://osv.dev/DSA-5895-1 | 8.7 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
25912591
| https://osv.dev/DEBIAN-CVE-2024-3094 | 10.0 | Debian | xz-utils | 5.2.2-1.2+deb9u1 | -- | testdata/sbom-insecure/postgres-stretch.cdx.xml |
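Review bot: Line 2588 is the third identical edit of the DEBIAN-CVE-2026-3184 row (also at 1112 and 2363), each paired with a totals edit, so one upstream score change costs six snapshot lines for `postgres-stretch.cdx.xml` alone. If the three test cases need the full table, fine, but where a case only exercises the ignore config (the "unused ignores" output just above these tables) a narrower fixture would keep future refreshes small and make a real regression easier to spot among the churn.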
@@ -3356,7 +3356,7 @@ Warning: plugin transitivedependency/pomxml can be risky when run on untrusted a
33563356
Scanned <rootdir>/testdata/locks-insecure/osv-scanner-custom-git-tag.json file and found 1 package
33573357
Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
33583358

3359-
Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
3359+
Total 1 package affected by 40 known vulnerabilities (4 Critical, 16 High, 20 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
33603360
0 vulnerabilities can be fixed.
33613361

33623362
+--------------------------------+------+-----------+----------------------------+---------------+---------------+---------------------------------------------------------+
@@ -3393,7 +3393,7 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me
33933393
| https://osv.dev/CVE-2024-4741 | 7.5 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
33943394
| https://osv.dev/CVE-2024-5535 | 9.1 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
33953395
| https://osv.dev/CVE-2024-9143 | 4.3 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
3396-
| https://osv.dev/CVE-2025-15467 | 9.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
3396+
| https://osv.dev/CVE-2025-15467 | 8.8 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
33973397
| https://osv.dev/CVE-2025-68160 | 4.7 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
33983398
| https://osv.dev/CVE-2025-69418 | 4.0 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
33993399
| https://osv.dev/CVE-2025-69419 | 7.4 | GIT | github.com/openssl/openssl | openssl-3.0.4 | -- | testdata/locks-insecure/osv-scanner-custom-git-tag.json |
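Review bot: At line 3396 the score for CVE-2025-15467 drops from 9.8 to 8.8, which is what moves one finding from Critical to High in the totals at line 3359, and the commit message gives no reason beyond "out-of-date test snapshots". A severity downgrade on an OpenSSL finding deserves a sentence in the message saying it comes from an upstream re-score, because anyone gating builds on the Critical count would otherwise have to work out whether the scanner's score selection changed.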
