Skip to content

[ANE-2701] Make snippet scanning non experimental #1622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
spatten wants to merge 7 commits into
base: master
Choose a base branch
from
Open

[ANE-2701] Make snippet scanning non experimental #1622

spatten wants to merge 7 commits into from

Conversation

@spatten
Copy link
Contributor

@spatten spatten commented Dec 3, 2025
edited
Loading

Overview

This PR implements the CLI part of ANE-2701

In this PR, we add a new flag, --snippet-scan and hide and deprecate the --x-snippet-scan flag.

The --x-snippet-scan flag still works, and you can use either --snippet-scan or --x-snippet-scan (or both) to enable snippet scanning.

The only difference is that you get a deprecation warning if you use --x-snippet-scan.

At some point in the future we will remove the --x-snippet-scan flag altogether. Because this is an experimental flag, we will not wait the normal 6 months between deprecation and removal. Instead, the minimum date for removal is one month from when this PR is included in a release.

Acceptance criteria

  • Both the --x-snippet-scan and --snippet-scan flags enable snippet scanning
  • You get a deprecation warning if you use --x-snippet-scan
  • The documentation is updated to use --snippet-scan instead of --x-snippet-scan
  • fossa analyze --help no longer mentions --x-snippet-scan
  • fossa analyze --help shows help for --snippet-scan

Testing plan

make install-dev

Run fossa-dev analyze --snippet-scan and fossa-dev analyze --x-snippet-scan and fossa-dev analyze --snippet-scan --x-snippet-scan. In all cases you should see a successful snippet scan. If you used --x-snippet-scan, you should see a deprecation warning.

Run fossa-dev analyze --help. You should see no mention of --x-snippet-scan. You should see documentation for --snippet-scan.

Risks

This is low risk

Metrics

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

@spatten spatten requested a review from nficca December 4, 2025 22:52
@spatten spatten marked this pull request as ready for review December 4, 2025 22:53
@spatten spatten requested a review from a team as a code owner December 4, 2025 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nficca nficca nficca approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@spatten @nficca