@spatten spatten commented Dec 16, 2025

Overview

Delivers ANE-2565

Now that we have fossa analyze --snippet-scan in GA, we no longer need the fossa snippets subcommand.

Also, here's a Slack thread where Cortez notes that the existence of fossa snippets and fossa analyze --snippet-scan is causing confusion.

This PR removes the subcommand and any associated documentation.

Millhone is still used by Jars in Containers, so we will keep Millhone around for that.

Acceptance criteria

  • The fossa snippets subcommand no longer exists
  • All documentation and references to the fossa snippets subcommand are removed

Testing plan

  • The build passes
  • You can no longer run fossa snippets
  • fossa help does not mention fossa snippets
  • Read through the docs and make sure there are no more references to fossa snippets

Risks

Metrics

References

Checklist

  • I added tests for this PR's change (or explained in the PR description why tests don't make sense).
  • If this PR introduced a user-visible change, I added documentation into docs/.
  • If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
  • If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an ## Unreleased section at the top.
  • If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
  • If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.

@spatten spatten changed the title [ANE-2564] Remove snippets subcommand [ANE-2564] Remove fossa snippets subcommand Dec 16, 2025
@spatten spatten marked this pull request as ready for review December 16, 2025 20:57
@spatten spatten requested a review from a team as a code owner December 16, 2025 20:57
@spatten spatten requested a review from nficca December 16, 2025 20:57
@spatten spatten enabled auto-merge (squash) January 12, 2026 17:38
@spatten spatten merged commit 0c2230c into master Jan 12, 2026
19 checks passed
@spatten spatten deleted the remove-snippets-subcommand branch January 12, 2026 18:30
jnewton03 added a commit to liquibase/build-logic that referenced this pull request Jan 13, 2026
FOSSA CLI removed the `fossa snippets` command (fossas/fossa-cli#1623).
This updates the workflow to use `fossa analyze --snippet-scan` instead.

- Remove deprecated "Run FOSSA Snippets Detection" step
- Remove deprecated "Generate Snippet Dependencies" step
- Add conditional --snippet-scan flag to analyze command
- Update input description for clarity

Fixes: DAT-21701

Co-Authored-By: Claude Opus 4.5 <[email protected]>
jnewton03 added a commit to liquibase/build-logic that referenced this pull request Jan 13, 2026
…ag (#464)

* fix: replace deprecated fossa snippets command with --snippet-scan flag

FOSSA CLI removed the `fossa snippets` command (fossas/fossa-cli#1623).
This updates the workflow to use `fossa analyze --snippet-scan` instead.

- Remove deprecated "Run FOSSA Snippets Detection" step
- Remove deprecated "Generate Snippet Dependencies" step
- Add conditional --snippet-scan flag to analyze command
- Update input description for clarity

Fixes: DAT-21701

Co-Authored-By: Claude Opus 4.5 <[email protected]>

* fix: address CodeQL code injection warnings

Use environment variables instead of direct ${{ }} interpolation in shell
scripts to prevent potential code injection vulnerabilities.

Changes:
- Pass github.event.repository.name through REPO_NAME env var
- Pass github.head_ref through BRANCH_NAME env var
- Pass check_snippets flag through SNIPPET_FLAG env var
- Quote all variable references in shell commands

Co-Authored-By: Claude Opus 4.5 <[email protected]>

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>
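
The env-var pattern described in the second commit message above, sketched as an added example. This is not the liquibase/build-logic workflow: the workflow name, step name, input wiring, and the `--project`/`--branch` arguments are assumptions, and the fossa CLI is assumed to be installed with its API key already configured.

```yaml
# Added illustration; constructed for this page, not taken from liquibase/build-logic.
name: fossa-scan-example
on:
  workflow_call:
    inputs:
      check_snippets:
        description: Also run snippet scanning during analyze
        type: boolean
        default: false

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # BEFORE (the pattern CodeQL flags): ${{ }} is expanded into the script
      # text before the shell starts, so a contributor-controlled value such
      # as github.head_ref is parsed as shell syntax instead of as data.
      #
      # - name: FOSSA analyze
      #   run: |
      #     fossa analyze --project ${{ github.event.repository.name }} \
      #       --branch ${{ github.head_ref }}

      # AFTER: the runner evaluates each expression and hands the result to
      # the step as an environment variable. The script text is now constant,
      # and the shell only ever sees the values through quoted expansions.
      - name: FOSSA analyze
        env:
          REPO_NAME: ${{ github.event.repository.name }}
          BRANCH_NAME: ${{ github.head_ref }}
          SNIPPET_FLAG: ${{ inputs.check_snippets && '--snippet-scan' || '' }}
        run: |
          # ${VAR:+"$VAR"} expands to nothing when SNIPPET_FLAG is empty and
          # to exactly one quoted word otherwise, so no empty argument is
          # passed and no word splitting happens.
          fossa analyze --project "$REPO_NAME" --branch "$BRANCH_NAME" \
            ${SNIPPET_FLAG:+"$SNIPPET_FLAG"}
```

The same rule applies to any other context value a contributor can influence, such as PR titles or issue bodies: map it through `env:` and reference it only as a quoted shell variable.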