Skip to content

Add image scope scanning option to the Linux detector #1621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
grvillic merged 2 commits into from
Feb 3, 2026
Merged

Add image scope scanning option to the Linux detector #1621

grvillic merged 2 commits into from
Feb 3, 2026
+192 −9

Conversation

@grvillic
Copy link
Collaborator

@grvillic grvillic commented Feb 3, 2026

Reverts #1613

Add the ability to configure the image scanning scope used by Syft for the Linux detector.

This allows your to pass in the argument --DetectorArgs Linux.ImageScanScope=squashed to have the detector invoke Syft with --scope squashed instead of the default of --scope all-layers.

If components from all layers are not needed, squashed has significant performance benefits.

@grvillic grvillic requested a review from a team as a code owner February 3, 2026 06:31
@grvillic grvillic enabled auto-merge (squash) February 3, 2026 06:32
@codecov
Copy link

codecov bot commented Feb 3, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 98.23009% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.2%. Comparing base (e2c9188) to head (65075f5).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...ion.Detectors.Tests/LinuxContainerDetectorTests.cs 93.5% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@          Coverage Diff           @@
##            main   #1621    +/-   ##
======================================
  Coverage   90.2%   90.2%            
======================================
  Files        437     437            
  Lines      37801   37905   +104     
  Branches    2324    2330     +6     
======================================
+ Hits       34121   34228   +107     
+ Misses      3203    3199     -4     
- Partials     477     478     +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Feb 3, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a configurable Syft image scanning scope to the Linux detector so callers can switch from the default all-layers scan to squashed for improved performance when scanning all layers isn’t needed.

Changes:

  • Introduces LinuxScannerScope and threads it through LinuxContainerDetector -> ILinuxScanner -> LinuxScanner to control Syft’s --scope flag.
  • Parses Linux.ImageScanScope from --DetectorArgs (defaulting to all-layers) and adds/updates unit tests for scope handling.
  • Documents the new detector argument in the Linux detector docs.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
test/Microsoft.ComponentDetection.Detectors.Tests/LinuxScannerTests.cs Updates existing calls to include scope and adds tests asserting correct --scope flag behavior.
test/Microsoft.ComponentDetection.Detectors.Tests/LinuxContainerDetectorTests.cs Adds coverage ensuring detector args drive the scope passed into the scanner.
src/Microsoft.ComponentDetection.Detectors/linux/LinuxScannerScope.cs Defines the new scope enum (AllLayers, Squashed).
src/Microsoft.ComponentDetection.Detectors/linux/LinuxScanner.cs Builds the Syft command using scope-specific arguments and validates enum values.
src/Microsoft.ComponentDetection.Detectors/linux/LinuxContainerDetector.cs Reads Linux.ImageScanScope from detector args and passes it through the scan pipeline.
src/Microsoft.ComponentDetection.Detectors/linux/ILinuxScanner.cs Extends the scanner interface to accept the new scope parameter.
docs/detectors/linux.md Documents the new Linux.ImageScanScope argument and its expected values.

@grvillic grvillic merged commit 74a7efc into main Feb 3, 2026
24 checks passed
@grvillic grvillic deleted the revert-1613-revert-1600-users/jasonpaulos/add-linux-syft-scope-param branch February 3, 2026 17:00
@github-actions
Copy link

github-actions bot commented Feb 3, 2026

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

@grvillic grvillic mentioned this pull request Feb 6, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JamieMagee JamieMagee JamieMagee approved these changes

@jasonpaulos jasonpaulos Awaiting requested review from jasonpaulos jasonpaulos is a code owner automatically assigned from microsoft/ose-component-detection-maintainers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@grvillic @JamieMagee