Fixes linter warnings

README.md

@@ -56,7 +56,7 @@ For example workflow runs, check out our
 | **Parameter**              | **Description**                                                                                                                                          | **Required** | **Default**                          | 
 |----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------|--------------------------------------|
 | output.filepath            | Scan output file name.                                                                                                                                   | Optional     | `results.json`                       |
-| sbom.enabled               | Enable or disable scanning based on the SBOM file                                                                                                        | Optional     | `true`                               |
+| sbom.enabled               | Enable or disable scanning based on the SBOM file. 'scanossSettings' must be disabled for sbom file to work.                                             | Optional     | `false`                              |
 | sbom.filepath              | Filepath of the SBOM file to be used for scanning                                                                                                        | Optional     | `sbom.json`                          |
 | sbom.type                  | Type of SBOM operation: either 'identify' or 'ignore                                                                                                     | Optional     | `identify`                           |
 | dependencies.enabled       | Option to enable or disable scanning of dependencies.                                                                                                    | Optional     | `false`                              |

__tests__/copyleft-argument-builder.test.ts

@@ -1,32 +1,27 @@
-import {
-  COPYLEFT_LICENSE_EXCLUDE,
-  COPYLEFT_LICENSE_EXPLICIT,
-  COPYLEFT_LICENSE_INCLUDE,
-  OUTPUT_FILEPATH,
-  REPO_DIR,
-  RUNTIME_CONTAINER
-} from '../src/app.input';
 import { CopyLeftArgumentBuilder } from '../src/policies/argument_builders/copyleft-argument-builder';
+import { RUNTIME_CONTAINER } from '../src/app.input';
 
+jest.mock('../src/app.input', () => ({
+  ...jest.requireActual('../src/app.input'),
+  REPO_DIR: 'scanoss',
+  OUTPUT_FILEPATH: 'results.json',
+  COPYLEFT_LICENSE_EXCLUDE: '',
+  COPYLEFT_LICENSE_EXPLICIT: '',
+  COPYLEFT_LICENSE_INCLUDE: ''
+}));
 describe('CopyleftArgumentBuilder', () => {
-  const defaultCopyleftLicenseExplicit = COPYLEFT_LICENSE_EXPLICIT;
-  const defaultCopyleftLicenseExclude = COPYLEFT_LICENSE_EXCLUDE;
-  const defaultCopyleftLicenseInclude = COPYLEFT_LICENSE_INCLUDE;
+  // Store the module for direct manipulation
+  const appInput = jest.requireMock('../src/app.input');
 
   afterEach(() => {
-    // Restore all mocks
-    jest.restoreAllMocks();
-    (COPYLEFT_LICENSE_EXPLICIT as any) = defaultCopyleftLicenseExplicit;
-    (COPYLEFT_LICENSE_EXCLUDE as any) = defaultCopyleftLicenseExclude;
-    (COPYLEFT_LICENSE_INCLUDE as any) = defaultCopyleftLicenseInclude;
+    appInput.COPYLEFT_LICENSE_EXPLICIT = '';
+    appInput.COPYLEFT_LICENSE_EXCLUDE = '';
+    appInput.COPYLEFT_LICENSE_INCLUDE = '';
   });
 
   it('Copyleft explicit test', async () => {
-    (COPYLEFT_LICENSE_EXPLICIT as any) = 'MIT,Apache-2.0';
-    (COPYLEFT_LICENSE_EXCLUDE as any) = 'MIT,Apache-2.0';
-    (REPO_DIR as any) = 'scanoss';
-    (OUTPUT_FILEPATH as any) = 'results.json';
-
+    appInput.COPYLEFT_LICENSE_EXPLICIT = 'MIT,Apache-2.0';
+    appInput.COPYLEFT_LICENSE_EXCLUDE = 'MIT,Apache-2.0';
     const builder = new CopyLeftArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([
@@ -46,9 +41,7 @@ describe('CopyleftArgumentBuilder', () => {
   });
 
   it('Copyleft exclude test', async () => {
-    (COPYLEFT_LICENSE_EXCLUDE as any) = 'MIT,Apache-2.0';
-    (REPO_DIR as any) = 'scanoss';
-    (OUTPUT_FILEPATH as any) = 'results.json';
+    appInput.COPYLEFT_LICENSE_EXCLUDE = 'MIT,Apache-2.0';
     const builder = new CopyLeftArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([
@@ -68,9 +61,7 @@ describe('CopyleftArgumentBuilder', () => {
   });
 
   it('Copyleft include test', async () => {
-    (COPYLEFT_LICENSE_INCLUDE as any) = 'MIT,Apache-2.0,LGPL-3.0-only';
-    (REPO_DIR as any) = 'scanoss';
-    (OUTPUT_FILEPATH as any) = 'results.json';
+    appInput.COPYLEFT_LICENSE_INCLUDE = 'MIT,Apache-2.0,LGPL-3.0-only';
     const builder = new CopyLeftArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([
@@ -90,8 +81,6 @@ describe('CopyleftArgumentBuilder', () => {
   });
 
   it('Copyleft empty parameters test', async () => {
-    (REPO_DIR as any) = 'scanoss';
-    (OUTPUT_FILEPATH as any) = 'results.json';
     const builder = new CopyLeftArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([
@@ -109,8 +98,6 @@ describe('CopyleftArgumentBuilder', () => {
   });
 
   it('Build Command test', async () => {
-    (REPO_DIR as any) = 'scanoss';
-    (OUTPUT_FILEPATH as any) = 'results.json';
     const builder = new CopyLeftArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([

__tests__/copyleft-policy-check.test.ts

@@ -1,13 +1,15 @@
 import path from 'path';
-import {
-  COPYLEFT_LICENSE_EXCLUDE,
-  COPYLEFT_LICENSE_EXPLICIT,
-  COPYLEFT_LICENSE_INCLUDE,
-  OUTPUT_FILEPATH,
-  REPO_DIR
-} from '../src/app.input';
 import { CopyleftPolicyCheck } from '../src/policies/copyleft-policy-check';
-import { CONCLUSION, PolicyCheck } from '../src/policies/policy-check';
+import { CONCLUSION } from '../src/policies/policy-check';
+
+jest.mock('../src/app.input', () => ({
+  ...jest.requireActual('../src/app.input'),
+  REPO_DIR: '',
+  OUTPUT_FILEPATH: 'results.json',
+  COPYLEFT_LICENSE_EXCLUDE: '',
+  COPYLEFT_LICENSE_EXPLICIT: '',
+  COPYLEFT_LICENSE_INCLUDE: ''
+}));
 
 // Mock the @actions/github module
 jest.mock('@actions/github', () => ({
@@ -32,25 +34,21 @@ jest.mock('@actions/github', () => ({
 }));
 
 describe('CopyleftPolicyCheck', () => {
-  const defaultCopyleftLicenseExplicit = COPYLEFT_LICENSE_EXPLICIT;
-  const defaultCopyleftLicenseExclude = COPYLEFT_LICENSE_EXCLUDE;
-  const defaultCopyleftLicenseInclude = COPYLEFT_LICENSE_INCLUDE;
+  const appInput = jest.requireMock('../src/app.input');
 
   afterEach(() => {
-    // Restore all mocks
-    jest.restoreAllMocks();
-    (COPYLEFT_LICENSE_EXPLICIT as any) = defaultCopyleftLicenseExplicit;
-    (COPYLEFT_LICENSE_EXCLUDE as any) = defaultCopyleftLicenseExclude;
-    (COPYLEFT_LICENSE_INCLUDE as any) = defaultCopyleftLicenseInclude;
+    appInput.COPYLEFT_LICENSE_EXPLICIT = '';
+    appInput.COPYLEFT_LICENSE_EXCLUDE = '';
+    appInput.COPYLEFT_LICENSE_INCLUDE = '';
   });
 
   it('Copyleft policy check fail', async () => {
     const TEST_DIR = __dirname;
     const TEST_REPO_DIR = path.join(TEST_DIR, 'data');
     const TEST_RESULTS_FILE = 'results.json';
 
-    (REPO_DIR as any) = TEST_REPO_DIR;
-    (OUTPUT_FILEPATH as any) = TEST_RESULTS_FILE;
+    appInput.REPO_DIR = TEST_REPO_DIR;
+    appInput.OUTPUT_FILEPATH = TEST_RESULTS_FILE;
 
     jest.spyOn(CopyleftPolicyCheck.prototype, 'uploadArtifact').mockImplementation(async () => {
       return Promise.resolve({ id: 123456 });
@@ -69,9 +67,9 @@ describe('CopyleftPolicyCheck', () => {
     const TEST_REPO_DIR = path.join(TEST_DIR, 'data');
     const TEST_RESULTS_FILE = 'results.json';
 
-    (REPO_DIR as any) = TEST_REPO_DIR;
-    (OUTPUT_FILEPATH as any) = TEST_RESULTS_FILE;
-    (COPYLEFT_LICENSE_EXCLUDE as any) = 'GPL-2.0-only';
+    appInput.REPO_DIR = TEST_REPO_DIR;
+    appInput.OUTPUT_FILEPATH = TEST_RESULTS_FILE;
+    appInput.COPYLEFT_LICENSE_EXCLUDE = 'GPL-2.0-only';
 
     jest.spyOn(CopyleftPolicyCheck.prototype, 'uploadArtifact').mockImplementation(async () => {
       return Promise.resolve({ id: 123456 });
@@ -90,9 +88,9 @@ describe('CopyleftPolicyCheck', () => {
     const TEST_REPO_DIR = path.join(TEST_DIR, 'data');
     const TEST_RESULTS_FILE = 'results.json';
 
-    (REPO_DIR as any) = TEST_REPO_DIR;
-    (OUTPUT_FILEPATH as any) = TEST_RESULTS_FILE;
-    (COPYLEFT_LICENSE_EXPLICIT as any) = 'MIT,Apache-2.0';
+    appInput.REPO_DIR = TEST_REPO_DIR;
+    appInput.OUTPUT_FILEPATH = TEST_RESULTS_FILE;
+    appInput.COPYLEFT_LICENSE_EXPLICIT = 'MIT,Apache-2.0';
 
     jest.spyOn(CopyleftPolicyCheck.prototype, 'uploadArtifact').mockImplementation(async () => {
       return Promise.resolve({ id: 123456 });

__tests__/scan-service.test.ts

@@ -1,9 +1,19 @@
-import { OUTPUT_FILEPATH, RUNTIME_CONTAINER } from '../src/app.input';
+import { RUNTIME_CONTAINER } from '../src/app.input';
 import { ScanService } from '../src/services/scan.service';
 import fs from 'fs';
 import path from 'path';
 
+jest.mock('../src/app.input', () => ({
+  ...jest.requireActual('../src/app.input'),
+  REPO_DIR: '',
+  OUTPUT_FILEPATH: 'results.json',
+  COPYLEFT_LICENSE_EXCLUDE: '',
+  COPYLEFT_LICENSE_EXPLICIT: '',
+  COPYLEFT_LICENSE_INCLUDE: ''
+}));
+
 describe('ScanService', () => {
+  const appInput = jest.requireMock('../src/app.input');
   it('should correctly return the dependency scope command', () => {
     const service = new ScanService({
       outputFilepath: '',
@@ -102,7 +112,7 @@ describe('ScanService', () => {
   });
 
   it('Should scan dependencies', async () => {
-    (OUTPUT_FILEPATH as any) = 'test-results.json';
+    appInput.OUTPUT_FILEPATH = 'test-results.json';
     const TEST_DIR = __dirname;
     const resultPath = path.join(TEST_DIR, 'data', 'test-results.json');
     const service = new ScanService({

__tests__/undeclared-argument-builder.test.ts

@@ -1,10 +1,25 @@
-import { OUTPUT_FILEPATH, REPO_DIR, RUNTIME_CONTAINER, SCANOSS_SETTINGS } from '../src/app.input';
+import { RUNTIME_CONTAINER } from '../src/app.input';
 import { UndeclaredArgumentBuilder } from '../src/policies/argument_builders/undeclared-argument-builder';
 
+jest.mock('../src/app.input', () => ({
+  ...jest.requireActual('../src/app.input'),
+  REPO_DIR: '',
+  OUTPUT_FILEPATH: 'results.json',
+  COPYLEFT_LICENSE_EXCLUDE: '',
+  COPYLEFT_LICENSE_EXPLICIT: '',
+  COPYLEFT_LICENSE_INCLUDE: '',
+  SCANOSS_SETTINGS: true,
+  SBOM_ENABLED: false
+}));
+
 describe('UndeclaredArgumentBuilder', () => {
+  const appInput = jest.requireMock('../src/app.input');
+
   it('Build Command test', async function () {
-    (REPO_DIR as any) = 'repodir';
-    (OUTPUT_FILEPATH as any) = 'results.json';
+    appInput.REPO_DIR = 'repodir';
+    appInput.OUTPUT_FILEPATH = 'results.json';
+    appInput.SCANOSS_SETTINGS = false;
+    appInput.SBOM_ENABLED = true;
     const builder = new UndeclaredArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([
@@ -24,9 +39,9 @@ describe('UndeclaredArgumentBuilder', () => {
   });
 
   it('Build Command style scanoss.json', async function () {
-    (REPO_DIR as any) = 'repodir';
-    (OUTPUT_FILEPATH as any) = 'results.json';
-    (SCANOSS_SETTINGS as any) = true;
+    appInput.REPO_DIR = 'repodir';
+    appInput.OUTPUT_FILEPATH = 'results.json';
+    appInput.SCANOSS_SETTINGS = true;
     const builder = new UndeclaredArgumentBuilder();
     const cmd = await builder.build();
     expect(cmd).toEqual([

__tests__/undeclared-policy-check.test.ts

@@ -1,10 +1,16 @@
 import { CONCLUSION, PolicyCheck } from '../src/policies/policy-check';
-import { ScannerResults } from '../src/services/result.interfaces';
-import { resultsMock } from './results.mock';
 import { UndeclaredPolicyCheck } from '../src/policies/undeclared-policy-check';
-import { OUTPUT_FILEPATH, REPO_DIR } from '../src/app.input';
 import path from 'path';
 
+jest.mock('../src/app.input', () => ({
+  ...jest.requireActual('../src/app.input'),
+  REPO_DIR: '',
+  OUTPUT_FILEPATH: 'results.json',
+  COPYLEFT_LICENSE_EXCLUDE: '',
+  COPYLEFT_LICENSE_EXPLICIT: '',
+  COPYLEFT_LICENSE_INCLUDE: ''
+}));
+
 // Mock the @actions/github module
 jest.mock('@actions/github', () => ({
   context: {
@@ -23,8 +29,8 @@ jest.mock('@actions/github', () => ({
 }));
 
 describe('UndeclaredPolicyCheck', () => {
-  let scannerResults: ScannerResults;
   let undeclaredPolicyCheck: UndeclaredPolicyCheck;
+  const appInput = jest.requireMock('../src/app.input');
 
   beforeEach(() => {
     jest.clearAllMocks();
@@ -34,8 +40,6 @@ describe('UndeclaredPolicyCheck', () => {
     jest.spyOn(PolicyCheck.prototype, 'initStatus').mockImplementation();
     jest.spyOn(UndeclaredPolicyCheck.prototype, 'updateCheck').mockImplementation();
 
-    scannerResults = JSON.parse(resultsMock[3].content);
-
     undeclaredPolicyCheck = new UndeclaredPolicyCheck();
   }, 30000);
 
@@ -45,8 +49,8 @@ describe('UndeclaredPolicyCheck', () => {
     const TEST_RESULTS_FILE = 'empty-results.json';
 
     // Set the required environment variables
-    (REPO_DIR as any) = TEST_REPO_DIR;
-    (OUTPUT_FILEPATH as any) = TEST_RESULTS_FILE;
+    appInput.REPO_DIR = TEST_REPO_DIR;
+    appInput.OUTPUT_FILEPATH = TEST_RESULTS_FILE;
 
     await undeclaredPolicyCheck.run();
     expect(undeclaredPolicyCheck.conclusion).toEqual(CONCLUSION.Success);
@@ -58,8 +62,8 @@ describe('UndeclaredPolicyCheck', () => {
     const TEST_RESULTS_FILE = 'results.json';
 
     // Set the required environment variables
-    (REPO_DIR as any) = TEST_REPO_DIR;
-    (OUTPUT_FILEPATH as any) = TEST_RESULTS_FILE;
+    appInput.REPO_DIR = TEST_REPO_DIR;
+    appInput.OUTPUT_FILEPATH = TEST_RESULTS_FILE;
 
     await undeclaredPolicyCheck.run();
     expect(undeclaredPolicyCheck.conclusion).toEqual(CONCLUSION.Neutral);

action.yml

@@ -17,7 +17,7 @@ inputs:
   sbom.enabled:
     description: 'Enable SBOM Identify'
     required: false
-    default: true
+    default: false
   sbom.filepath:
     description: 'SBOM filepath'
     required: false

src/services/scan.service.ts

@@ -344,6 +344,10 @@ export class ScanService {
    * @private
    */
   private async detectSBOM(): Promise<string[]> {
+    if (this.options.scanossSettings && this.options.sbomEnabled) {
+      core.warning(`sbom and SCANOSS settings cannot be both enabled`);
+    }
+
     // Overrides sbom file if is set
     if (this.options.scanossSettings) {
       core.debug(`[SCANOSS SETTINGS ENABLED] ${this.options.sbomFilepath}, ${this.options.sbomFilepath}`);