Skip to content

Commit 8c02149

Browse files
author
Nathan Gillett
committed
fix deps scan CI: OSV binary download URL
Download the raw osv-scanner release binary instead of a missing tarball and allow repos without lockfiles to pass the OSV gate. Signed-off-by: Nathan Gillett <nathan@intentproof.io>
1 parent 7f9f3bc commit 8c02149

1 file changed

Lines changed: 7 additions & 4 deletions

File tree

scripts/run-osv-scanner-gate.sh

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,16 @@ if ! command -v osv-scanner >/dev/null 2>&1; then
1313
aarch64 | arm64) arch=linux_arm64 ;;
1414
x86_64 | amd64) arch=linux_amd64 ;;
1515
esac
16+
tmp="$(mktemp)"
1617
curl -sSfL \
17-
"https://github.com/google/osv-scanner/releases/download/${OSV_VERSION}/osv-scanner_${OSV_VERSION#v}_${arch}.tar.gz" \
18-
| tar -xz
19-
sudo install -m 755 osv-scanner /usr/local/bin/osv-scanner
18+
"https://github.com/google/osv-scanner/releases/download/${OSV_VERSION}/osv-scanner_${arch}" \
19+
-o "$tmp"
20+
chmod +x "$tmp"
21+
sudo install -m 755 "$tmp" /usr/local/bin/osv-scanner
22+
rm -f "$tmp"
2023
fi
2124

22-
args=(scan source --recursive --format=table --no-call-analysis)
25+
args=(scan source --recursive --format=table --no-call-analysis --allow-no-lockfiles)
2326
if [[ -f "$CONFIG" ]]; then
2427
args+=(--config="$CONFIG")
2528
fi

0 commit comments

Comments
 (0)