-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUG OSS-Fuzz does not detect multiple repos fuzzed under a project #2745
Comments
The project clones multiple sub project in a single docker file https://github.com/google/oss-fuzz/blob/master/projects/argo/Dockerfile |
#2719 won't handle this as written. Since the main repo url is "github.com/argoproj", none of the sub projects would work. It would be easy to convert extend the logic to fall back to searching the org: e.g. |
@spencerschrock I agree extending the logic would not be the best solution, as you stated this would create many false positives. Do you have any other solutions or suggestions? I'd really like to avoid refactoring the fuzzing checks we already have in place. |
Hmm, the vast majority of
We support looking for a |
Thank you all for looking into this, any updates would be appreciated. |
Not much feedback on the issue from other Scorecard maintainers, but I can say we're planning maintainer annotations that would help address add context to situations like this. The design hasn't started, but its on our roadmap. |
Describe the bug
https://github.com/argoproj
currently uses oss-fuzz to perform fuzzing on the four repositories listed below:I see that #2719 was recently merged and parses the results of https://oss-fuzz-build-logs.storage.googleapis.com/status.json. I'm not sure if this fix would cover our case. I do see the main project being detected in the build results, but not each repo as listed above.
Expected behavior
Fuzzing check to detect the repos that we have enabled for fuzzing.
Additional context
I appreciate all the hard work that has gone into this project. Keep up the great work.
The text was updated successfully, but these errors were encountered: