test: update snapshots

Avgor46 · Avgor46 · commit f945d21e08f0 · 2026-04-07T23:36:44.000+03:00
diff --git a/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/image/__snapshots__/command_test.snap
@@ -1202,6 +1202,34 @@ You can also view the full vulnerability list in your terminal with: `osv-scanne
 
 ---
 
+[TestCommand_OCIImage/scanning_ubuntu_image_with_homebrew_extractor - 1]
+Scanning local image tarball "./testdata/test-ubuntu-homebrew.tar"
+skipping file "home/linuxbrew/.linuxbrew/Homebrew/Library/Taps/homebrew/homebrew-core/.git/objects/pack/pack-e9e01e0d000c8cde5a2151a6c277c318dda8a828.pack" because its size (1157852163 bytes) is larger than the max size (1073741824 bytes)
+
+
+Container Scanning Result (Ubuntu 22.04.5 LTS):
+Total 1 package affected by 3 known vulnerabilities (1 Critical, 1 High, 1 Medium, 0 Low, 0 Unknown) from 1 ecosystem.
+0 vulnerabilities can be fixed.
+
+
+GIT
++------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Source:os:/home/linuxbrew/.linuxbrew/Cellar/cjson/1.7.17/INSTALL_RECEIPT.json                                                                        |
++-------------------------------------+-------------------+------------------+------------+-------------------------+------------------+---------------+
+| SOURCE PACKAGE                      | INSTALLED VERSION | FIX AVAILABLE    | VULN COUNT | BINARY PACKAGES (COUNT) | INTRODUCED LAYER | IN BASE IMAGE |
++-------------------------------------+-------------------+------------------+------------+-------------------------+------------------+---------------+
+| https://github.com/DaveGamble/cJSON | 1.7.17            | No fix available |          3 |                         | # 19 Layer       | --            |
++-------------------------------------+-------------------+------------------+------------+-------------------------+------------------+---------------+
+
+For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name>`.
+You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical <image_name>`.
+
+---
+
+[TestCommand_OCIImage/scanning_ubuntu_image_with_homebrew_extractor - 2]
+
+---
+
 [TestCommand_OCIImage_JSONFormat/Scanning_python_image_with_some_packages - 1]
 {
   "results": [
diff --git a/cmd/osv-scanner/scan/image/command_test.go b/cmd/osv-scanner/scan/image/command_test.go
@@ -358,7 +358,7 @@ func TestCommand_OCIImage(t *testing.T) {
 				"", "image",
 				"--experimental-plugins", "os/homebrew",
 				"--experimental-plugins", "misc/brew-source",
-				"--experimental-disable-plugins",
+				"--experimental-no-default-plugins",
 				"--archive", "./testdata/test-ubuntu-homebrew.tar",
 			},
 			Exit: 1,
diff --git a/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml b/cmd/osv-scanner/scan/image/testdata/cassettes/TestCommand_OCIImage.yaml
@@ -15602,3 +15602,62 @@ interactions:
       status: 200 OK
       code: 200
       duration: 0s
+  - request:
+      proto: HTTP/1.1
+      proto_major: 1
+      proto_minor: 1
+      content_length: 171
+      host: api.osv.dev
+      body: |
+        {
+          "queries": [
+            {
+              "package": {
+                "ecosystem": "GIT",
+                "name": "https://github.com/davegamble/cjson"
+              },
+              "version": "1.7.17"
+            }
+          ]
+        }
+      headers:
+        Content-Type:
+          - application/json
+        X-Test-Name:
+          - TestCommand_OCIImage/scanning_ubuntu_image_with_homebrew_extractor
+      url: https://api.osv.dev/v1/querybatch
+      method: POST
+    response:
+      proto: HTTP/1.1
+      proto_major: 1
+      proto_minor: 1
+      content_length: 220
+      body: |
+        {
+          "results": [
+            {
+              "vulns": [
+                {
+                  "id": "CVE-2023-53154",
+                  "modified": "2026-03-14T12:23:16.581554Z"
+                },
+                {
+                  "id": "CVE-2024-31755",
+                  "modified": "2026-03-14T12:30:30.932017Z"
+                },
+                {
+                  "id": "CVE-2025-57052",
+                  "modified": "2026-03-23T05:11:28.908372Z"
+                }
+              ]
+            }
+          ]
+        }
+      headers:
+        Content-Length:
+          - "220"
+        Content-Type:
+          - application/json
+      status: 200 OK
+      code: 200
+      duration: 0s
diff --git a/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap b/cmd/osv-scanner/scan/source/__snapshots__/command_test.snap
@@ -516,9 +516,9 @@ Total 6 packages affected by 10 known vulnerabilities (2 Critical, 2 High, 2 Med
 | 0BSD              | Packagist | league/flysystem                               | 1.0.8        | testdata/locks-insecure/composer.lock                 |
 | UNKNOWN           | Go        | stdlib                                         | 1.99.9       | testdata/locks-insecure/osv-scanner-custom.json       |
 | UNKNOWN           | Go        | toolchain                                      | 1.99.9       | testdata/locks-insecure/osv-scanner-custom.json       |
-| UNKNOWN           |           | https://chromium.googlesource.com/chromium/src |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
-| UNKNOWN           |           | https://github.com/brendan-duncan/archive.git  |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
-| UNKNOWN           |           | https://github.com/flutter/buildroot.git       |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
+| UNKNOWN           | GIT       | https://chromium.googlesource.com/chromium/src |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
+| UNKNOWN           | GIT       | https://github.com/brendan-duncan/archive.git  |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
+| UNKNOWN           | GIT       | https://github.com/flutter/buildroot.git       |              | testdata/locks-insecure/osv-scanner-flutter-deps.json |
 | 0BSD              | Packagist | drupal/core                                    | 10.4.5       | testdata/locks-many-with-insecure/composer.lock       |
 | 0BSD              | Packagist | drupal/simple_sitemap                          | 4.2.1        | testdata/locks-many-with-insecure/composer.lock       |
 | 0BSD              | Packagist | drupal/tfa                                     | 2.0.0-alpha4 | testdata/locks-many-with-insecure/composer.lock       |
@@ -3413,21 +3413,23 @@ Total 1 package affected by 40 known vulnerabilities (5 Critical, 15 High, 20 Me
 [TestCommand_HomebrewWithAnnotators/homebrew_extractor_explicitly_enabled_with_annotator - 1]
 Scanning dir ./testdata/homebrew/Cellar/
 Scanned <rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package
+Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
+
 
 Scanning Result (package view):
 Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem.
 0 vulnerabilities can be fixed.
 
 
 GIT
-+----------------------------------------------------------------------------------------------+
-| Source:os:<rootdir>/testdata/homebrew/Cell |
-| ar/libssh2/1.11.1/INSTALL_RECEIPT.json                                                       |
-+----------------+-------------------+------------------+------------+-------------------------+
-| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE    | VULN COUNT | BINARY PACKAGES (COUNT) |
-+----------------+-------------------+------------------+------------+-------------------------+
-| libssh2        | 1.11.1            | No fix available |          5 |                         |
-+----------------+-------------------+------------------+------------+-------------------------+
++------------------------------------------------------------------------------------------------------------------+
+| Source:os:<rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/IN |
+| STALL_RECEIPT.json                                                                                               |
++------------------------------------+-------------------+------------------+------------+-------------------------+
+| SOURCE PACKAGE                     | INSTALLED VERSION | FIX AVAILABLE    | VULN COUNT | BINARY PACKAGES (COUNT) |
++------------------------------------+-------------------+------------------+------------+-------------------------+
+| https://github.com/libssh2/libssh2 | 1.11.1            | No fix available |          5 |                         |
++------------------------------------+-------------------+------------------+------------+-------------------------+
 
 For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name>`.
 You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical <image_name>`.
@@ -3443,21 +3445,23 @@ Scanning dir ./testdata/homebrew/Cellar/
 Scanned <rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file and found 0 packages
 Scanned <rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/.brew/libssh2.rb file and found 0 packages
 Scanned <rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/INSTALL_RECEIPT.json file and found 1 package
+Warning: plugin transitivedependency/pomxml can be risky when run on untrusted artifacts. Please ensure you trust the source code and artifacts before proceeding.
+
 
 Scanning Result (package view):
 Total 1 package affected by 5 known vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low, 5 Unknown) from 1 ecosystem.
 0 vulnerabilities can be fixed.
 
 
 GIT
-+----------------------------------------------------------------------------------------------+
-| Source:os:<rootdir>/testdata/homebrew/Cell |
-| ar/libssh2/1.11.1/INSTALL_RECEIPT.json                                                       |
-+----------------+-------------------+------------------+------------+-------------------------+
-| SOURCE PACKAGE | INSTALLED VERSION | FIX AVAILABLE    | VULN COUNT | BINARY PACKAGES (COUNT) |
-+----------------+-------------------+------------------+------------+-------------------------+
-| libssh2        | 1.11.1            | No fix available |          5 |                         |
-+----------------+-------------------+------------------+------------+-------------------------+
++------------------------------------------------------------------------------------------------------------------+
+| Source:os:<rootdir>/testdata/homebrew/Cellar/libssh2/1.11.1/IN |
+| STALL_RECEIPT.json                                                                                               |
++------------------------------------+-------------------+------------------+------------+-------------------------+
+| SOURCE PACKAGE                     | INSTALLED VERSION | FIX AVAILABLE    | VULN COUNT | BINARY PACKAGES (COUNT) |
++------------------------------------+-------------------+------------------+------------+-------------------------+
+| https://github.com/libssh2/libssh2 | 1.11.1            | No fix available |          5 |                         |
++------------------------------------+-------------------+------------------+------------+-------------------------+
 
 For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner scan image --serve <image_name>`.
 You can also view the full vulnerability list in your terminal with: `osv-scanner scan image --format vertical <image_name>`.
diff --git a/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_HomebrewWithAnnotators.yaml b/cmd/osv-scanner/scan/source/testdata/cassettes/TestCommand_HomebrewWithAnnotators.yaml
@@ -1,8 +1,7 @@
 ---
 version: 2
 interactions:
-  - id: 0
-    request:
+  - request:
       proto: HTTP/1.1
       proto_major: 1
       proto_minor: 1
@@ -69,8 +68,7 @@ interactions:
       status: 200 OK
       code: 200
       duration: 0s
-  - id: 1
-    request:
+  - request:
       proto: HTTP/1.1
       proto_major: 1
       proto_minor: 1
diff --git a/internal/scalibrplugin/__snapshots__/resolve_test.snap b/internal/scalibrplugin/__snapshots__/resolve_test.snap
@@ -30,8 +30,10 @@ javascript/packagelockjson
 javascript/pnpmlock
 javascript/yarnlock
 license/depsdev
+misc/brew-source
 os/apk
 os/dpkg
+os/homebrew
 osv/osvscannerjson
 php/composerlock
 python/pdmlock
@@ -65,8 +67,10 @@ baseimage
 go/binary
 java/archive
 javascript/nodemodules
+misc/brew-source
 os/apk
 os/dpkg
+os/homebrew
 python/wheelegg
 rust/cargoauditable
 vex/os-duplicate/apk
@@ -102,8 +106,10 @@ baseimage
 go/binary
 java/archive
 javascript/nodemodules
+misc/brew-source
 os/apk
 os/dpkg
+os/homebrew
 python/wheelegg
 rust/cargoauditable
 vex/os-duplicate/apk
diff --git a/pkg/osvscanner/__snapshots__/osvscanner_test.snap b/pkg/osvscanner/__snapshots__/osvscanner_test.snap
@@ -12,7 +12,7 @@
           "package": {
             "name": "",
             "version": "",
-            "ecosystem": "",
+            "ecosystem": "GIT",
             "commit": "33dffa3909a67e1b5d22647128ab7eb6e53fd0c7"
           },
           "groups": [
