Merge pull request #183 from lacework/remove-deprecated-options

chore(COD-2736): remove deprecated options

Author: jeremydubreil

.lacework/codesec.yaml

@@ -0,0 +1,4 @@
+default:
+  sca:
+    enable-dynamic: true
+    enable-fast: true

README.md

@@ -48,7 +48,6 @@ jobs:
         uses: lacework/code-security-action@v1
         with:
           target: ${{ matrix.target }}
-          tools: sca # Comma-separated list of tool(s) to use for scanning. Current options are sca
   display-results:
     runs-on: ubuntu-20.04
     name: Display results
@@ -59,7 +58,6 @@ jobs:
         id: code-analysis
         uses: lacework/code-security-action@v1
         with:
-          tools: sca # Should be the same list of tools as above.
           token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
@@ -89,7 +87,6 @@ jobs:
         uses: lacework/code-security-action@v1
         with:
           target: push
-          tools: sca # Comma-separated list of tool(s) to use for scanning. Current options are sca
 ```
 
 ## License

action.yaml

@@ -2,11 +2,6 @@ name: 'lacework-code-security'
 description: "Scan code with Lacework's Code Security offering"
 author: 'Lacework'
 inputs:
-  classpath:
-    description: 'Specify the Java classpath'
-    required: false
-    default: ''
-    deprecationMessage: 'This option is not used anymore'
   sources:
     description: 'Sources directory to analyze'
     required: false
@@ -25,9 +20,8 @@ inputs:
     description: 'A block of Markdown that will be appended to any PR comments posted'
     required: false
   tools:
-    description: 'Comma separated list of tools to run'
     required: false
-    default: 'sca,sast'
+    deprecationMessage: 'This option is not used anymore'
   eval-indirect-dependencies:
     description: 'Show vulnerabilities found in transitive dependencies'
     required: false
@@ -36,10 +30,6 @@ inputs:
     description: 'Set to true to enable automated pull-requests for fix suggestions'
     required: false
     default: false
-  dynamic:
-    description: 'Set to true to integrate SCA results with dynamic data, such as package activity'
-    required: false
-    default: false
 outputs:
   old-completed:
     description: 'If running a target called old, whether the analysis for this was completed'
@@ -71,7 +61,6 @@ runs:
       shell: bash
       env:
         LACEWORK_ACTION_REF: '${{ github.action_ref }}'
-        TOOLS: '${{ inputs.tools }}'
       run: |
         LACEWORK_CONTEXT_ID=`echo $RANDOM | md5sum | head -c 32`
         echo "Lacework context ID: $LACEWORK_CONTEXT_ID"
@@ -81,10 +70,8 @@ runs:
         curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash
         KEY="$(date +'%Y-%m-%d')"
         KEY="$KEY-$RUNNER_OS-$RUNNER_ARCH"
-        if [[ $TOOLS == *"sca"* ]]; then
-          KEY="$KEY-sca-$SCA_VERSION"
-          echo "sca-version=$SCA_VERSION" >> $GITHUB_OUTPUT
-        fi
+        KEY="$KEY-sca-$SCA_VERSION"
+        echo "sca-version=$SCA_VERSION" >> $GITHUB_OUTPUT
         HASH="$(echo $KEY | md5sum | head -c 8)"
         echo "cache-key=$HASH" >> $GITHUB_OUTPUT
     - id: cache
@@ -129,7 +116,6 @@ runs:
     - id: run-analysis
       uses: './../lacework-code-security'
       with:
-        classpath: '${{ inputs.classpath }}'
         sources: '${{ inputs.sources }}'
         target: '${{ inputs.target }}'
         debug: '${{ inputs.debug }}'
@@ -138,4 +124,3 @@ runs:
         tools: '${{ inputs.tools }}'
         eval-indirect-dependencies: '${{ inputs.eval-indirect-dependencies }}'
         autofix: '${{ inputs.autofix }}'
-        dynamic: '${{ inputs.dynamic }}'

src/index.ts

@@ -9,7 +9,6 @@ import {
 import { compareResults, createPRs, printResults } from './tool'
 import {
   autofix,
-  dynamic,
   callCommand,
   callLaceworkCli,
   debug,
@@ -42,59 +41,47 @@ async function runAnalysis() {
   }
 
   info('Analyzing ' + target)
-  const tools = (getInput('tools') || 'sca')
-    .toLowerCase()
-    .split(',')
-    .map((x) => x.trim())
-    .sort()
-  telemetryCollector.addField('tools', tools.join(','))
-  appendFileSync(getRequiredEnvVariable('GITHUB_ENV'), `LACEWORK_TOOLS=${tools.join(',')}\n`)
+  telemetryCollector.addField('tools', 'sca')
   const indirectDeps = getInput('eval-indirect-dependencies')
   const toUpload: string[] = []
-  if (tools.includes('sca')) {
-    await downloadKeys()
-    // command to print both sarif and lwjson formats
-    var args = [
-      'sca',
-      'scan',
-      '.',
-      '--save-results',
-      '-o',
-      scaDir,
-      '--formats',
-      'sarif,lw-json',
-      '--deployment',
-      'ci',
-      '--keyring',
-      trustedKeys,
-      '--secret',
-    ]
-    if (indirectDeps.toLowerCase() === 'false') {
-      args.push('--eval-direct-only')
-    }
-    if (debug()) {
-      args.push('--debug')
-    }
-    if (autofix()) {
-      args.push('--fix-suggestions')
-    }
-    if (dynamic()) {
-      args.push('--dynamic')
-    }
-    if (tools.includes('sast')) {
-      args.push('--fast')
-    }
-    await callLaceworkCli(...args)
-    // make a copy of the sarif file
-    args = [scaSarifReport, scaReport]
-    await callCommand('cp', ...args)
 
-    await printResults('sca', scaReport)
-    if (autofix()) {
-      await createPRs(scaLWJSONReport)
-    }
-    toUpload.push(scaReport)
+  await downloadKeys()
+  // command to print both sarif and lwjson formats
+  var args = [
+    'sca',
+    'scan',
+    '.',
+    '--save-results',
+    '-o',
+    scaDir,
+    '--formats',
+    'sarif,lw-json',
+    '--deployment',
+    'ci',
+    '--keyring',
+    trustedKeys,
+    '--secret',
+  ]
+  if (indirectDeps.toLowerCase() === 'false') {
+    args.push('--eval-direct-only')
+  }
+  if (debug()) {
+    args.push('--debug')
+  }
+  if (autofix()) {
+    args.push('--fix-suggestions')
   }
+  await callLaceworkCli(...args)
+  // make a copy of the sarif file
+  args = [scaSarifReport, scaReport]
+  await callCommand('cp', ...args)
+
+  await printResults('sca', scaReport)
+  if (autofix()) {
+    await createPRs(scaLWJSONReport)
+  }
+  toUpload.push(scaReport)
+
   const uploadStart = Date.now()
   await uploadArtifact('results-' + target, ...toUpload)
   telemetryCollector.addField('duration.upload-artifacts', (Date.now() - uploadStart).toString())

src/post.ts

@@ -32,9 +32,7 @@ async function main() {
     telemetryCollector.addField('repository', getRequiredEnvVariable('GITHUB_REPOSITORY'))
     telemetryCollector.addField('duration.total', getMsSinceStart())
     telemetryCollector.addField('error', 'Unknown catastrophic error')
-    if (getOptionalEnvVariable('LACEWORK_TOOLS', '') !== '') {
-      telemetryCollector.addField('tools', getRequiredEnvVariable('LACEWORK_TOOLS'))
-    }
+    telemetryCollector.addField('tools', 'sca')
     await telemetryCollector.report()
   } else {
     info('Telemetry has been reported previously')

src/util.ts

@@ -29,10 +29,6 @@ export function autofix() {
   return getBooleanInput('autofix') && getInput('target') != 'old'
 }
 
-export function dynamic() {
-  return getBooleanInput('dynamic')
-}
-
 export function getRunUrl(): string {
   let result = getRequiredEnvVariable('GITHUB_SERVER_URL')
   result += '/'