Skip to content

Commit 23a8d45

Browse files
committed
Rename flag to ExcludeBaseImageComponents and add docs
1 parent dec63fd commit 23a8d45

4 files changed

Lines changed: 29 additions & 17 deletions

File tree

docs/detectors/linux.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,3 +54,15 @@ For example:
5454

5555
- Windows container scanning is not supported
5656
- Multiplatform images are not supported
57+
58+
## Excluding Base Image Components
59+
60+
When scanning container images, many detected components may originate from the base image rather than from layers added by the user's Dockerfile. The `--ExcludeBaseImageComponents` flag filters out components that exist exclusively in base image layers, so only components introduced by the user's own layers are reported.
61+
62+
```sh
63+
--ExcludeBaseImageComponents
64+
```
65+
66+
A component is excluded only if **all** of its associated container layers are marked as base image layers. If a component appears in at least one non-base-image layer, it is retained.
67+
68+
This flag has no effect on non-container scans (i.e., directory-based detection).

src/Microsoft.ComponentDetection.Orchestrator/Commands/ScanSettings.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -86,9 +86,9 @@ public class ScanSettings : BaseSettings
8686
[Description("Whether or not to cleanup files that are created during detection, based on the rules provided in each detector. Defaults to 'true'.")]
8787
public bool? CleanupCreatedFiles { get; set; }
8888

89-
[CommandOption("--FilterBaseImageComponents")]
89+
[CommandOption("--ExcludeBaseImageComponents")]
9090
[Description("When enabled, filters out components that originate exclusively from base image layers when scanning containers.")]
91-
public bool FilterBaseImageComponents { get; set; }
91+
public bool ExcludeBaseImageComponents { get; set; }
9292

9393
/// <inheritdoc />
9494
public override ValidationResult Validate()

src/Microsoft.ComponentDetection.Orchestrator/Services/GraphTranslation/DefaultGraphTranslationService.cs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ public ScanResult GenerateScanResultFromProcessingResult(
4242
ReconcileDependencyGraphIds(dependencyGraphs, mergedComponents);
4343

4444
var componentsToOutput = mergedComponents;
45-
if (settings.FilterBaseImageComponents)
45+
if (settings.ExcludeBaseImageComponents)
4646
{
4747
var originalCount = mergedComponents.Count;
4848
componentsToOutput = this.FilterOutBaseImageComponents(componentsToOutput, detectorProcessingResult.ContainersDetailsMap);

test/Microsoft.ComponentDetection.Orchestrator.Tests/Services/DefaultGraphTranslationServiceTests.cs

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -566,7 +566,7 @@ public void GenerateScanResult_MultipleRichAndBare_BareGraphDataAbsorbedByAllRic
566566
}
567567

568568
[TestMethod]
569-
public void FilterBaseImageComponents_RemovesComponentsExclusivelyFromBaseImageLayers()
569+
public void ExcludeBaseImageComponents_RemovesComponentsExclusivelyFromBaseImageLayers()
570570
{
571571
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(Path.Join(this.sourceDirectory.FullName, "file1"));
572572

@@ -590,13 +590,13 @@ public void FilterBaseImageComponents_RemovesComponentsExclusivelyFromBaseImageL
590590
};
591591

592592
var result = this.serviceUnderTest.GenerateScanResultFromProcessingResult(
593-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = true });
593+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = true });
594594

595595
result.ComponentsFound.Should().BeEmpty();
596596
}
597597

598598
[TestMethod]
599-
public void FilterBaseImageComponents_RetainsComponentsWithMixedLayers()
599+
public void ExcludeBaseImageComponents_RetainsComponentsWithMixedLayers()
600600
{
601601
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(Path.Join(this.sourceDirectory.FullName, "file1"));
602602

@@ -621,14 +621,14 @@ public void FilterBaseImageComponents_RetainsComponentsWithMixedLayers()
621621
};
622622

623623
var result = this.serviceUnderTest.GenerateScanResultFromProcessingResult(
624-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = true });
624+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = true });
625625

626626
result.ComponentsFound.Should().HaveCount(1);
627627
((NpmComponent)result.ComponentsFound.Single().Component).Name.Should().Be("mixed-pkg");
628628
}
629629

630630
[TestMethod]
631-
public void FilterBaseImageComponents_RetainsComponentsWithNoContainerReferences()
631+
public void ExcludeBaseImageComponents_RetainsComponentsWithNoContainerReferences()
632632
{
633633
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(Path.Join(this.sourceDirectory.FullName, "file1"));
634634

@@ -652,14 +652,14 @@ public void FilterBaseImageComponents_RetainsComponentsWithNoContainerReferences
652652
};
653653

654654
var result = this.serviceUnderTest.GenerateScanResultFromProcessingResult(
655-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = true });
655+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = true });
656656

657657
result.ComponentsFound.Should().HaveCount(1);
658658
((NpmComponent)result.ComponentsFound.Single().Component).Name.Should().Be("fs-pkg");
659659
}
660660

661661
[TestMethod]
662-
public void FilterBaseImageComponents_NoOpWhenFlagIsDisabled()
662+
public void ExcludeBaseImageComponents_NoOpWhenFlagIsDisabled()
663663
{
664664
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(Path.Join(this.sourceDirectory.FullName, "file1"));
665665

@@ -683,14 +683,14 @@ public void FilterBaseImageComponents_NoOpWhenFlagIsDisabled()
683683
};
684684

685685
var result = this.serviceUnderTest.GenerateScanResultFromProcessingResult(
686-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = false });
686+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = false });
687687

688688
result.ComponentsFound.Should().HaveCount(1);
689689
((NpmComponent)result.ComponentsFound.Single().Component).Name.Should().Be("base-pkg");
690690
}
691691

692692
[TestMethod]
693-
public void FilterBaseImageComponents_PrunesFilteredComponentsFromDependencyGraphs()
693+
public void ExcludeBaseImageComponents_PrunesFilteredComponentsFromDependencyGraphs()
694694
{
695695
var filePath = Path.Join(this.sourceDirectory.FullName, "file1");
696696
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(filePath);
@@ -719,7 +719,7 @@ public void FilterBaseImageComponents_PrunesFilteredComponentsFromDependencyGrap
719719
};
720720

721721
var result = (DefaultGraphScanResult)this.serviceUnderTest.GenerateScanResultFromProcessingResult(
722-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = true });
722+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = true });
723723

724724
// Only the non-base-image component should remain.
725725
result.ComponentsFound.Should().HaveCount(1);
@@ -740,7 +740,7 @@ public void FilterBaseImageComponents_PrunesFilteredComponentsFromDependencyGrap
740740
}
741741

742742
[TestMethod]
743-
public void FilterBaseImageComponents_DependencyGraphsUnchangedWhenFlagDisabled()
743+
public void ExcludeBaseImageComponents_DependencyGraphsUnchangedWhenFlagDisabled()
744744
{
745745
var filePath = Path.Join(this.sourceDirectory.FullName, "file1");
746746
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(filePath);
@@ -768,7 +768,7 @@ public void FilterBaseImageComponents_DependencyGraphsUnchangedWhenFlagDisabled(
768768
};
769769

770770
var result = (DefaultGraphScanResult)this.serviceUnderTest.GenerateScanResultFromProcessingResult(
771-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = false });
771+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = false });
772772

773773
// Both components should be present.
774774
result.ComponentsFound.Should().HaveCount(2);
@@ -780,7 +780,7 @@ public void FilterBaseImageComponents_DependencyGraphsUnchangedWhenFlagDisabled(
780780
}
781781

782782
[TestMethod]
783-
public void FilterBaseImageComponents_PrunesReferrersToFilteredComponents()
783+
public void ExcludeBaseImageComponents_PrunesReferrersToFilteredComponents()
784784
{
785785
var filePath = Path.Join(this.sourceDirectory.FullName, "file1");
786786
var singleFileRecorder = this.componentRecorder.CreateSingleFileComponentRecorder(filePath);
@@ -809,7 +809,7 @@ public void FilterBaseImageComponents_PrunesReferrersToFilteredComponents()
809809
};
810810

811811
var result = this.serviceUnderTest.GenerateScanResultFromProcessingResult(
812-
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, FilterBaseImageComponents = true });
812+
processingResult, new ScanSettings { SourceDirectory = this.sourceDirectory, ExcludeBaseImageComponents = true });
813813

814814
// Only child-pkg should remain (base-pkg is exclusively from base image layer).
815815
result.ComponentsFound.Should().HaveCount(1);

0 commit comments

Comments
 (0)