use the new Coana CLI flag --purl-types instead of computing --reach-ecosystems to legacy Coana-compatible advisory ecosystems

mtorp · mtorp · commit 1ea9f548064c · 2025-08-15T10:45:29.000+02:00
diff --git a/src/commands/scan/perform-reachability-analysis.mts b/src/commands/scan/perform-reachability-analysis.mts
@@ -4,12 +4,11 @@ import {
   extractTier1ReachabilityScanId,
   spawnCoana,
 } from '../../utils/coana.mts'
-import { convertToCoanaEcosystems } from '../../utils/ecosystem.mts'
 import { setupSdk } from '../../utils/sdk.mts'
 
 import type { CResult } from '../../types.mts'
-import type { PURL_Type } from '../../utils/ecosystem.mts'
 import type { Spinner } from '@socketsecurity/registry/lib/spinner'
+import type { PURL_Type } from '../../utils/ecosystem.mts'
 
 export type ReachabilityOptions = {
   reachDisableAnalytics: boolean
@@ -141,10 +140,7 @@ export async function performReachabilityAnalysis(
       : []),
     // empty reachEcosystems implies scan all ecosystems
     ...(reachabilityOptions.reachEcosystems.length
-      ? [
-          '--ecosystems',
-          ...convertToCoanaEcosystems(reachabilityOptions.reachEcosystems),
-        ]
+      ? ['--purl-types', ...reachabilityOptions.reachEcosystems]
       : []),
     ...(reachabilityOptions.reachExcludePaths.length
       ? ['--exclude-dirs', reachabilityOptions.reachExcludePaths.join(' ')]
diff --git a/src/utils/ecosystem.mts b/src/utils/ecosystem.mts
@@ -55,53 +55,8 @@ export type _Check_ALL_ECOSYSTEMS_has_all_purl_types =
 export type _Check_ALL_ECOSYSTEMS_has_no_extras =
   ExpectNever<ExtraInAllEcosystems>
 
-const COANA_SUPPORTED_LIST = [
-  'composer',
-  'hex',
-  'github',
-  'golang',
-  'maven',
-  'npm',
-  'nuget',
-  'pypi',
-  'pub',
-  'gem',
-  'cargo',
-  'swift',
-] as const satisfies readonly PURL_Type[]
-
 export const ALL_SUPPORTED_ECOSYSTEMS = new Set<string>(ALL_ECOSYSTEMS)
 
-export const COANA_SUPPORTED_ECOSYSTEMS = new Set<string>(COANA_SUPPORTED_LIST)
-
-/**
- * Ecosystems/Purl types are slightly different in Coana.  This function converts
- * the PURL_Type[] to a string of Coana compatible ecosystem names. Ecosystems that
- * are not supported by Coana are ignored.
- */
-export function convertToCoanaEcosystems(ecosystems: PURL_Type[]): string[] {
-  return ecosystems
-    .filter(ecosystem => COANA_SUPPORTED_ECOSYSTEMS.has(ecosystem as PURL_Type))
-    .map(ecosystem => {
-      switch (ecosystem) {
-        case 'cargo':
-          return 'RUST'
-        case 'gem':
-          return 'RUBYGEMS'
-        case 'github':
-          return 'ACTIONS'
-        case 'golang':
-          return 'GO'
-        case 'hex':
-          return 'ERLANG'
-        case 'pypi':
-          return 'PIP'
-        default:
-          return ecosystem.toUpperCase()
-      }
-    })
-}
-
 export function getEcosystemChoicesForMeow(): string[] {
   return [...ALL_ECOSYSTEMS]
 }
