feat(ostest): auto-detect C/C++ artefacts, run unmanaged scan alongside managed [IDE-2089] #251
…gside managed [IDE-2089]
Adds `pkg/unmanaged/detect.HasCPPArtefacts` — a bounded directory walker
that short-circuits on the first C/C++ source, header, build file, or
*.mk file. Skip-list, file-count cap, and depth cap mirror the
detection that previously lived in snyk-ls so the cost stays in the
single-digit ms range on cold caches.
Wires that detector into `OSWorkflow` behind a new
`SNYK_AUTODETECT_OSS` env-var gate. When opted in and `--unmanaged`
was not already passed:
- inspect each input directory for C/C++ artefacts
- if any are found, invoke `legacycli` with `--unmanaged` after the
managed scan and append its workflow.Data to the managed output
Off by default — flip to opt-in users (initially snyk-ls, via a
follow-up) without disturbing existing CLI flows.
Limitation called out in the file: the legacy CLI's workflow.Data
carries its own content type, so for mixed-content projects the
unmanaged and managed results render as separate sections rather than
a single unified report. A future native `unmanaged.test` workflow can
replace the legacy invocation and produce one merged structured
output.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
✅ Snyk checks have passed. No issues have been found so far.
This was referenced May 31, 2026
Closed
Summary
Moves C/C++ project detection from snyk-ls into os-flows and wires it into `OSWorkflow` so a folder with both a manifest and C/C++ files gets scanned both ways automatically — eliminating the IDE's per-folder "switch to unmanaged mode?" prompt and toggle.

What lands here
- `pkg/unmanaged/detect.HasCPPArtefacts(root) bool` — bounded directory walker (max 5000 entries, depth 6, skip-list for `node_modules` / `vendor` / `cmake-build-*` / VCS / common build outputs). Short-circuits on the first C/C++ source, header (`.c`/`.cc`/`.cpp`/`.cxx`/`.h`/`.hpp`/`.hxx`/`.ipp`/`.tpp`/`.tcc`/`.inl`…), recognised build-system filename (`CMakeLists.txt`, `Makefile`, `meson.build`, `configure.ac`…), or `*.mk`. Ported from `snyk-ls/infrastructure/oss/unmanaged_detect.go` so it lives next to the rest of the OSS routing.
- `internal/constants/constants.go` — `AutodetectOSSEnvVar = "SNYK_AUTODETECT_OSS"`.
- `internal/commands/ostest/autodetect.go` — `autoDetectEnabled()` parses the env var, `detectCPPDirs(dirs)` filters input directories, `invokeLegacyUnmanagedScan(ctx)` clones the config, injects `--unmanaged` into `RAW_CMD_ARGS`, sets `WORKFLOW_USE_STDIO=false`, and invokes the `legacycli` workflow.
- `internal/commands/ostest/workflow.go` — after the managed scan returns, if `SNYK_AUTODETECT_OSS` is truthy and `--unmanaged` wasn't already passed, runs the detector; on any C/C++ hit, runs the unmanaged scan via the legacy CLI and appends its `workflow.Data` to the managed output. Errors from the unmanaged scan are logged and swallowed — the managed result still ships.
- `pkg/unmanaged/detect/cpp_test.go` covers positives, negatives, skip-dirs, case-insensitive extensions; `internal/commands/ostest/autodetect_test.go` covers env-var parsing, dir-filtering, arg dedup.

How the new flow looks

Why off-by-default
Off unless `SNYK_AUTODETECT_OSS` is truthy. Lets us roll out without disturbing existing CLI users: direct `snyk test` against a folder with stray `.cpp` files (e.g. native node modules) keeps behaving exactly as today. snyk-ls opts every OSS scan in via the companion PR.

Limitation
A Go-native `unmanaged.test` workflow does not yet exist anywhere — the env-var gate in earlier WIP referenced an identifier that was never registered. This PR therefore invokes `legacycli` (TypeScript CLI) for the unmanaged half. The legacy CLI's `workflow.Data` carries its own content type, so for mixed manifest + C/C++ folders the unmanaged and managed results render as two separate sections rather than as one unified report. When a native unmanaged workflow lands, the swap is local — just point `invokeLegacyUnmanagedScan` at the new workflow identifier.

Companion PRs
`SNYK_AUTODETECT_OSS=1` for every OSS CLI invocation from the LS, and deletes the now-redundant per-folder `snyk_oss_unmanaged_enabled` setting, prompt UX, panel toggle, and re-arm logic.

Jira: IDE-2089

Test plan
- `go test ./pkg/unmanaged/detect/... ./internal/commands/ostest/...` — green
- `go test ./...` — full repo green
- `go vet ./...` — clean
- `SNYK_AUTODETECT_OSS=1 snyk test` against a folder with both `package.json` and `.cpp` files — confirm both managed and unmanaged results appear.

main.

🤖 Generated with Claude Code
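A sketch of the bounded, short-circuiting walk the description outlines, added here as an illustration and not taken from the PR's code. The function name `hasCPPArtefacts`, the trimmed extension, build-file and skip lists, the way depth is counted (path components below the root), and returning `false` once the entry cap is reached are all assumptions; only the 5000-entry and depth-6 limits come from the description.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path/filepath"
	"strings"
)

// Caps are the ones quoted in the PR description; the name sets are an assumed subset.
const maxEntries, maxDepth = 5000, 6
var (
	errStop    = errors.New("stop walk")
	skipDirs   = map[string]bool{"node_modules": true, "vendor": true, ".git": true}
	cppExts    = map[string]bool{".c": true, ".cc": true, ".cpp": true, ".h": true, ".hpp": true, ".mk": true}
	buildFiles = map[string]bool{"CMakeLists.txt": true, "Makefile": true, "meson.build": true}
)

// hasCPPArtefacts stops at the first C/C++ artefact or when the entry cap is hit.
func hasCPPArtefacts(root string) bool {
	found, seen := false, 0
	_ = filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return nil // unreadable entry: ignore it and keep walking
		}
		if seen++; seen > maxEntries {
			return errStop // cap reached: give up and report "not found" (assumed behaviour)
		}
		name := d.Name()
		if d.IsDir() {
			rel, _ := filepath.Rel(root, p)
			depth := len(strings.Split(rel, string(filepath.Separator)))
			if p != root && (skipDirs[name] || strings.HasPrefix(name, "cmake-build-") || depth > maxDepth) {
				return fs.SkipDir // skip-listed or too deep: do not descend
			}
			return nil
		}
		if buildFiles[name] || cppExts[strings.ToLower(filepath.Ext(name))] {
			found = true
			return errStop // short-circuit on the first hit
		}
		return nil
	})
	return found
}

func main() {
	fmt.Println(hasCPPArtefacts(".")) // scan the current directory
}
```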