feat: use --x- for --experimental- flags

Author: G-Rath

cmd/osv-scanner/internal/helper/flags.go

@@ -191,20 +191,57 @@ func BuildCommonScanFlags(defaultExtractors []string) []cli.Flag {
 			Value: &allowedLicencesFlag{},
 		},
 		&cli.BoolFlag{
-			Name:  "experimental-flag-deprecated-packages",
+			Name:  "x-flag-deprecated-packages",
 			Usage: "report if package versions are deprecated",
 		},
+		&cli.BoolFlag{
+			Name:  "experimental-flag-deprecated-packages",
+			Usage: "[DEPRECATED] (use \"--x-flag-deprecated-packages\" instead) report if package versions are deprecated",
+			Action: func(_ context.Context, _ *cli.Command, _ bool) error {
+				cmdlogger.Warnf("Warning: --experimental-flag-deprecated-packages has been deprecated in favor of --x-flag-deprecated-packages")
+
+				return nil
+			},
+		},
 		&cli.StringSliceFlag{
 			Name:  "experimental-plugins",
+			Usage: "[DEPRECATED] (use \"--x-plugins\" instead) list of specific plugins and presets of plugins to use",
+			Action: func(_ context.Context, _ *cli.Command, _ []string) error {
+				cmdlogger.Warnf("Warning: --experimental-plugins has been deprecated in favor of --x-plugins")
+
+				return nil
+			},
+			Value: defaultExtractors,
+		},
+		&cli.StringSliceFlag{
+			Name:  "x-plugins",
 			Usage: "list of specific plugins and presets of plugins to use",
 			Value: defaultExtractors,
 		},
 		&cli.StringSliceFlag{
 			Name:  "experimental-disable-plugins",
+			Usage: "[DEPRECATED] (use \"--x-disable-plugins\" instead) list of specific plugins and presets of plugins to not use",
+			Action: func(_ context.Context, _ *cli.Command, _ []string) error {
+				cmdlogger.Warnf("Warning: --experimental-disable-plugins has been deprecated in favor of --x-disable-plugins")
+
+				return nil
+			},
+		},
+		&cli.StringSliceFlag{
+			Name:  "x-disable-plugins",
 			Usage: "list of specific plugins and presets of plugins to not use",
 		},
 		&cli.BoolFlag{
 			Name:  "experimental-no-default-plugins",
+			Usage: "[DEPRECATED] (use \"--x-no-default-plugins\" instead) disable default plugins, instead using only those enabled by --x-plugins",
+			Action: func(_ context.Context, _ *cli.Command, _ bool) error {
+				cmdlogger.Warnf("Warning: --experimental-no-default-plugins has been deprecated in favor of --x-no-default-plugins")
+
+				return nil
+			},
+		},
+		&cli.BoolFlag{
+			Name:  "x-no-default-plugins",
 			Usage: "disable default plugins, instead using only those enabled by --experimental-plugins",
 		},
 	}

cmd/osv-scanner/internal/helper/getters.go

@@ -49,12 +49,22 @@ func GetCommonScannerActions(cmd *cli.Command, scanLicensesAllowlist []string) o
 	}
 }
 
+// FallbackToDeprecatedName returns the preferred cli flag name if set,
+// otherwise falling back to the deprecated name
+func FallbackToDeprecatedName(cmd *cli.Command, name, old string) string {
+	if cmd.IsSet(name) {
+		return name
+	}
+
+	return old
+}
+
 func GetExperimentalScannerActions(cmd *cli.Command, client *http.Client) osvscanner.ExperimentalScannerActions {
 	return osvscanner.ExperimentalScannerActions{
-		PluginsEnabled:         cmd.StringSlice("experimental-plugins"),
-		PluginsDisabled:        cmd.StringSlice("experimental-disable-plugins"),
-		PluginsNoDefaults:      cmd.Bool("experimental-no-default-plugins"),
+		PluginsEnabled:         cmd.StringSlice(FallbackToDeprecatedName(cmd, "x-plugins", "experimental-plugins")),
+		PluginsDisabled:        cmd.StringSlice(FallbackToDeprecatedName(cmd, "x-disable-plugins", "experimental-disable-plugins")),
+		PluginsNoDefaults:      cmd.Bool(FallbackToDeprecatedName(cmd, "x-no-default-plugins", "experimental-no-default-plugins")),
 		HTTPClient:             client,
-		FlagDeprecatedPackages: cmd.Bool("experimental-flag-deprecated-packages"),
+		FlagDeprecatedPackages: cmd.Bool(FallbackToDeprecatedName(cmd, "x-flag-deprecated-packages", "experimental-flag-deprecated-packages")),
 	}
 }

cmd/osv-scanner/scan/image/command_test.go

@@ -23,8 +23,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx",
-				"--experimental-plugins=sbom/cdx",
+				"--x-plugins=sbom/spdx",
+				"--x-plugins=sbom/cdx",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 1,
@@ -34,9 +34,9 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx",
-				"--experimental-plugins=sbom/cdx",
-				"--experimental-disable-plugins=sbom",
+				"--x-plugins=sbom/spdx",
+				"--x-plugins=sbom/cdx",
+				"--x-disable-plugins=sbom",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 1,
@@ -46,8 +46,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom",
-				"--experimental-disable-plugins=sbom",
+				"--x-plugins=sbom",
+				"--x-disable-plugins=sbom",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 1,
@@ -57,8 +57,8 @@ func TestCommand_ExplicitExtractors_WithDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx,sbom/cdx",
-				"--experimental-disable-plugins=sbom",
+				"--x-plugins=sbom/spdx,sbom/cdx",
+				"--x-disable-plugins=sbom",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 1,
@@ -88,9 +88,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx",
-				"--experimental-plugins=sbom/cdx",
-				"--experimental-no-default-plugins",
+				"--x-plugins=sbom/spdx",
+				"--x-plugins=sbom/cdx",
+				"--x-no-default-plugins",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 1,
@@ -100,10 +100,10 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx",
-				"--experimental-plugins=sbom/cdx",
-				"--experimental-disable-plugins=sbom",
-				"--experimental-no-default-plugins",
+				"--x-plugins=sbom/spdx",
+				"--x-plugins=sbom/cdx",
+				"--x-disable-plugins=sbom",
+				"--x-no-default-plugins",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 127,
@@ -113,9 +113,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom",
-				"--experimental-disable-plugins=sbom",
-				"--experimental-no-default-plugins",
+				"--x-plugins=sbom",
+				"--x-disable-plugins=sbom",
+				"--x-no-default-plugins",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 127,
@@ -125,9 +125,9 @@ func TestCommand_ExplicitExtractors_WithoutDefaults(t *testing.T) {
 			Args: []string{
 				"", "image",
 				"--archive",
-				"--experimental-plugins=sbom/spdx,sbom/cdx",
-				"--experimental-disable-plugins=sbom",
-				"--experimental-no-default-plugins",
+				"--x-plugins=sbom/spdx,sbom/cdx",
+				"--x-disable-plugins=sbom",
+				"--x-no-default-plugins",
 				"testdata/test-alpine-sbom.tar",
 			},
 			Exit: 127,
@@ -193,7 +193,7 @@ func TestCommand_Docker(t *testing.T) {
 			// since we've requested the os/apk extractor disabled, and there's nothing else
 			// in the image that we support extracting
 			Name: "real_alpine_image_without_apk_extractor_enabled",
-			Args: []string{"", "image", "--experimental-disable-plugins=os/apk", "alpine:3.18.9"},
+			Args: []string{"", "image", "--x-disable-plugins=os/apk", "alpine:3.18.9"},
 			Exit: 128,
 		},
 	}
@@ -325,8 +325,8 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 			Args: []string{
 				"", "image",
-				"--experimental-plugins", "os/apk",
-				"--experimental-plugins", "weakcredentials/etcshadow",
+				"--x-plugins", "os/apk",
+				"--x-plugins", "weakcredentials/etcshadow",
 				"--archive", "./testdata/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -335,9 +335,9 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_disabled",
 			Args: []string{
 				"", "image",
-				"--experimental-plugins", "os/apk",
-				"--experimental-plugins", "weakcreds",
-				"--experimental-disable-plugins", "weakcredentials/etcshadow",
+				"--x-plugins", "os/apk",
+				"--x-plugins", "weakcreds",
+				"--x-disable-plugins", "weakcredentials/etcshadow",
 				"--archive", "./testdata/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -346,8 +346,8 @@ func TestCommand_OCIImage(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_detector_preset",
 			Args: []string{
 				"", "image",
-				"--experimental-plugins", "os/apk",
-				"--experimental-plugins", "weakcreds",
+				"--x-plugins", "os/apk",
+				"--x-plugins", "weakcreds",
 				"--archive", "./testdata/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -445,8 +445,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_specific_detector_enabled",
 			Args: []string{
 				"", "image", "--format=json",
-				"--experimental-plugins", "os/apk",
-				"--experimental-plugins", "weakcredentials/etcshadow",
+				"--x-plugins", "os/apk",
+				"--x-plugins", "weakcredentials/etcshadow",
 				"--archive", "./testdata/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -461,8 +461,8 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 			Name: "scanning_insecure_alpine_image_with_detector_preset",
 			Args: []string{
 				"", "image", "--format=json",
-				"--experimental-plugins", "os/apk",
-				"--experimental-plugins", "weakcreds",
+				"--x-plugins", "os/apk",
+				"--x-plugins", "weakcreds",
 				"--archive", "./testdata/test-alpine-etcshadow.tar",
 			},
 			Exit: 1,
@@ -477,7 +477,7 @@ func TestCommand_OCIImage_JSONFormat(t *testing.T) {
 			Name: "scanning_image_with_deprecated_packages",
 			Args: []string{
 				"", "image", "--format=json",
-				"--experimental-flag-deprecated-packages",
+				"--x-flag-deprecated-packages",
 				"--archive", "./testdata/test-image-with-deprecated.tar",
 			},
 			Exit: 1,