chore(COD-2736): remove deprecated options

README.md

@@ -48,7 +48,6 @@ jobs:
  uses: lacework/code-security-action@v1
  with:
  target: ${{ matrix.target }}
- tools: sca # Comma-separated list of tool(s) to use for scanning. Current options are sca
  display-results:
  runs-on: ubuntu-20.04
  name: Display results
@@ -59,7 +58,6 @@ jobs:
  id: code-analysis
  uses: lacework/code-security-action@v1
  with:
- tools: sca # Should be the same list of tools as above.
  token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
@@ -89,7 +87,6 @@ jobs:
  uses: lacework/code-security-action@v1
  with:
  target: push
- tools: sca # Comma-separated list of tool(s) to use for scanning. Current options are sca
 ```
 
 ## License

action.yaml

@@ -2,11 +2,6 @@ name: 'lacework-code-security'
 description: "Scan code with Lacework's Code Security offering"
 author: 'Lacework'
 inputs:
- classpath:
- description: 'Specify the Java classpath'
- required: false
- default: ''
- deprecationMessage: 'This option is not used anymore'
  sources:
  description: 'Sources directory to analyze'
  required: false
@@ -24,10 +19,6 @@ inputs:
  footer:
  description: 'A block of Markdown that will be appended to any PR comments posted'
  required: false
- tools:
- description: 'Comma separated list of tools to run'
- required: false
- default: 'sca,sast'
  eval-indirect-dependencies:
  description: 'Show vulnerabilities found in transitive dependencies'
  required: false
@@ -36,10 +27,6 @@ inputs:
  description: 'Set to true to enable automated pull-requests for fix suggestions'
  required: false
  default: false
- dynamic:
- description: 'Set to true to integrate SCA results with dynamic data, such as package activity'
- required: false
- default: false
 outputs:
  old-completed:
  description: 'If running a target called old, whether the analysis for this was completed'
@@ -71,7 +58,6 @@ runs:
  shell: bash
  env:
  LACEWORK_ACTION_REF: '${{ github.action_ref }}'
- TOOLS: '${{ inputs.tools }}'
  run: |
  LACEWORK_CONTEXT_ID=`echo $RANDOM | md5sum | head -c 32`
  echo "Lacework context ID: $LACEWORK_CONTEXT_ID"
@@ -81,10 +67,8 @@ runs:
  curl https://raw.githubusercontent.com/lacework/go-sdk/main/cli/install.sh | bash
  KEY="$(date +'%Y-%m-%d')"
  KEY="$KEY-$RUNNER_OS-$RUNNER_ARCH"
- if [[ $TOOLS == *"sca"* ]]; then
- KEY="$KEY-sca-$SCA_VERSION"
- echo "sca-version=$SCA_VERSION" >> $GITHUB_OUTPUT
- fi
+ KEY="$KEY-sca-$SCA_VERSION"
+ echo "sca-version=$SCA_VERSION" >> $GITHUB_OUTPUT
  HASH="$(echo $KEY | md5sum | head -c 8)"
  echo "cache-key=$HASH" >> $GITHUB_OUTPUT
  - id: cache
@@ -122,13 +106,10 @@ runs:
  - id: run-analysis
  uses: './../lacework-code-security'
  with:
- classpath: '${{ inputs.classpath }}'
  sources: '${{ inputs.sources }}'
  target: '${{ inputs.target }}'
  debug: '${{ inputs.debug }}'
  token: '${{ inputs.token || github.token }}'
  footer: '${{ inputs.footer }}'
- tools: '${{ inputs.tools }}'
  eval-indirect-dependencies: '${{ inputs.eval-indirect-dependencies }}'
  autofix: '${{ inputs.autofix }}'
- dynamic: '${{ inputs.dynamic }}'

src/index.ts

@@ -9,7 +9,6 @@ import {
 import { compareResults, createPRs, printResults } from './tool'
 import {
  autofix,
- dynamic,
  callCommand,
  callLaceworkCli,
  debug,
@@ -42,59 +41,47 @@ async function runAnalysis() {
  }
 
  info('Analyzing ' + target)
- const tools = (getInput('tools') || 'sca')
- .toLowerCase()
- .split(',')
- .map((x) => x.trim())
- .sort()
- telemetryCollector.addField('tools', tools.join(','))
- appendFileSync(getRequiredEnvVariable('GITHUB_ENV'), `LACEWORK_TOOLS=${tools.join(',')}\n`)
+ telemetryCollector.addField('tools', 'sca')
  const indirectDeps = getInput('eval-indirect-dependencies')
  const toUpload: string[] = []
- if (tools.includes('sca')) {
- await downloadKeys()
- // command to print both sarif and lwjson formats
- var args = [
- 'sca',
- 'scan',
- '.',
- '--save-results',
- '-o',
- scaDir,
- '--formats',
- 'sarif,lw-json',
- '--deployment',
- 'ci',
- '--keyring',
- trustedKeys,
- '--secret',
- ]
- if (indirectDeps.toLowerCase() === 'false') {
- args.push('--eval-direct-only')
- }
- if (debug()) {
- args.push('--debug')
- }
- if (autofix()) {
- args.push('--fix-suggestions')
- }
- if (dynamic()) {
- args.push('--dynamic')
- }
- if (tools.includes('sast')) {
- args.push('--fast')
- }
- await callLaceworkCli(...args)
- // make a copy of the sarif file
- args = [scaSarifReport, scaReport]
- await callCommand('cp', ...args)
 
- await printResults('sca', scaReport)
- if (autofix()) {
- await createPRs(scaLWJSONReport)
- }
- toUpload.push(scaReport)
+ await downloadKeys()
+ // command to print both sarif and lwjson formats
+ var args = [
+ 'sca',
+ 'scan',
+ '.',
+ '--save-results',
+ '-o',
+ scaDir,
+ '--formats',
+ 'sarif,lw-json',
+ '--deployment',
+ 'ci',
+ '--keyring',
+ trustedKeys,
+ '--secret',
+ ]
+ if (indirectDeps.toLowerCase() === 'false') {
+ args.push('--eval-direct-only')
+ }
+ if (debug()) {
+ args.push('--debug')
+ }
+ if (autofix()) {
+ args.push('--fix-suggestions')
  }
+ await callLaceworkCli(...args)
+ // make a copy of the sarif file
+ args = [scaSarifReport, scaReport]
+ await callCommand('cp', ...args)
+
+ await printResults('sca', scaReport)
+ if (autofix()) {
+ await createPRs(scaLWJSONReport)
+ }
+ toUpload.push(scaReport)
+
  const uploadStart = Date.now()
  await uploadArtifact('results-' + target, ...toUpload)
  telemetryCollector.addField('duration.upload-artifacts', (Date.now() - uploadStart).toString())

src/post.ts

@@ -32,9 +32,7 @@ async function main() {
  telemetryCollector.addField('repository', getRequiredEnvVariable('GITHUB_REPOSITORY'))
  telemetryCollector.addField('duration.total', getMsSinceStart())
  telemetryCollector.addField('error', 'Unknown catastrophic error')
- if (getOptionalEnvVariable('LACEWORK_TOOLS', '') !== '') {
- telemetryCollector.addField('tools', getRequiredEnvVariable('LACEWORK_TOOLS'))
- }
+ telemetryCollector.addField('tools', 'sca')
  await telemetryCollector.report()
  } else {
  info('Telemetry has been reported previously')

src/util.ts

@@ -29,10 +29,6 @@ export function autofix() {
  return getBooleanInput('autofix') && getInput('target') != 'old'
 }
 
-export function dynamic() {
- return getBooleanInput('dynamic')
-}
-
 export function getRunUrl(): string {
  let result = getRequiredEnvVariable('GITHUB_SERVER_URL')
  result += '/'