
feat(local): support including and excluding malware advisories#2449

Closed
G-Rath wants to merge 2 commits into google:main from ackama:perf/skip-malware

Conversation

G-Rath (Collaborator) commented Jan 8, 2026

This adds an experimental flag for controlling how malware advisories (MAL-) are loaded, as these advisories are very easy to create and are very common in some ecosystems; e.g. of the 214057 advisories in the NPM database, only 4410 are actual vulnerabilities - the remaining 209647 are MAL.

Skipping these advisories entirely can greatly reduce the time taken and memory used when doing offline scans.
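The loading behaviour the description sketches, as an added Go example that is not the PR's code: the decision whether an entry is a MAL- advisory is made from the zip entry name before the entry is decompressed or parsed, which is where the time and memory saving comes from. The mode names (include, exclude, only), the BuildZip fixture with its constructed IDs, and the assumption that the local database zip names each entry `<ID>.json` are this example's own.

```go
package main
import (
	"archive/zip"
	"bytes"
	"encoding/json"
	"strings"
)

// wantEntry uses only the zip entry name, so rejected files are never decompressed or parsed;
// mode is include (everything), exclude (no MAL- entries) or only (MAL- entries alone). Assumes <ID>.json names.
func wantEntry(name, mode string) bool {
	isMal := strings.HasPrefix(name, "MAL-")
	return mode == "include" || (mode == "only") == isMal
}
// LoadAdvisories parses only the entries the mode admits and reports how many were skipped unread.
func LoadAdvisories(zipBytes []byte, mode string) (ids []string, skipped int, err error) {
	r, err := zip.NewReader(bytes.NewReader(zipBytes), int64(len(zipBytes)))
	if err != nil {
		return nil, 0, err
	}
	for _, f := range r.File {
		if !wantEntry(f.Name, mode) {
			skipped++
			continue
		}
		rc, err := f.Open()
		if err != nil {
			return nil, 0, err
		}
		var adv struct{ ID string `json:"id"` }
		err = json.NewDecoder(rc).Decode(&adv)
		rc.Close()
		if err != nil {
			return nil, 0, err
		}
		ids = append(ids, adv.ID)
	}
	return ids, skipped, nil
}
// BuildZip builds an in-memory zip of minimal OSV entries for the given IDs (a constructed fixture).
func BuildZip(ids []string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, id := range ids {
		f, _ := w.Create(id + ".json")
		f.Write([]byte(`{"id":"` + id + `"}`))
	}
	w.Close()
	return buf.Bytes()
}
```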

@G-Rath G-Rath force-pushed the perf/skip-malware branch 2 times, most recently from adf55e6 to 76be85d Compare January 9, 2026 00:54
codecov-commenter commented Jan 9, 2026

Codecov Report

❌ Patch coverage is 80.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.45%. Comparing base (25eccbf) to head (5de8899).
⚠️ Report is 143 commits behind head on main.

Files with missing lines Patch % Lines
cmd/osv-scanner/internal/helper/flags.go 50.00% 1 Missing and 1 partial ⚠️
...al/clients/clientimpl/localmatcher/localmatcher.go 66.66% 0 Missing and 1 partial ⚠️
internal/clients/clientimpl/localmatcher/zip.go 80.00% 0 Missing and 1 partial ⚠️
@@            Coverage Diff             @@
##             main    #2449      +/-   ##
==========================================
- Coverage   67.79%   66.45%   -1.35%     
==========================================
  Files         172      172              
  Lines       13301    13326      +25     
==========================================
- Hits         9018     8856     -162     
- Misses       3573     3687     +114     
- Partials      710      783      +73     


@G-Rath G-Rath force-pushed the perf/skip-malware branch from 76be85d to 5de8899 Compare January 9, 2026 01:38
G-Rath (Collaborator, Author) commented Jan 9, 2026

I'm not sure this is that useful now that #2450 has been landed as the cost of our automatic method of doing this has been decreased a great amount...

github-actions (Bot) commented

This pull request has not had any activity for 60 days and will be automatically closed in two weeks

github-actions Bot added the "stale" label (The issue or PR is stale and pending automated closure) Mar 10, 2026
G-Rath (Collaborator, Author) commented Mar 10, 2026

yeah this hopefully isn't needed anymore

@G-Rath G-Rath closed this Mar 10, 2026

Labels

stale: The issue or PR is stale and pending automated closure
