feat: add excludeRepos support to GithubOrgReader (#476)

* feat: add excludeRepos support to GithubOrgReader

* feat: add excludeRepos support to GithubOrgReader

* Syntax changes

* fix: excluded repo variable declartion

* fix: scan command to include excluded repo config

---------

Co-authored-by: abhisek <abhisek.datta@gmail.com>

pkg/readers/github_org_reader.go

@@ -21,6 +21,7 @@ type GithubOrgReaderConfig struct {
 	IncludeArchived        bool
 	MaxRepositories        int
 	SkipDependencyGraphAPI bool
+	ExcludeRepos           []string
 }
 
 type githubOrgReader struct {
@@ -127,7 +128,14 @@ func (p *githubOrgReader) handleRepositoryBatch(repositories []*github.Repositor
 	handler PackageManifestHandlerFn,
 ) error {
 	var repoUrls []string
+
 	for _, repo := range repositories {
+		fullName := repo.GetFullName()
+		if githubIsExcludedRepo(fullName, p.config.ExcludeRepos) {
+			logger.Infof("Skipping excluded repo: %s", fullName)
+			continue
+		}
+
 		breach := p.withIncrementedRepoCount(func() {
 			repoUrls = append(repoUrls, repo.GetCloneURL())
 		})
@@ -171,3 +179,20 @@ func githubOrgFromURL(githubUrl string) (string, error) {
 
 	return parts[1], nil
 }
+
+// To exclude specific repo using github org scanner
+func githubIsExcludedRepo(repoName string, excludedRepositories []string) bool {
+	if len(excludedRepositories) == 0 {
+		return false
+	}
+
+	logger.Debugf("Checking if repo %s is excluded", repoName)
+
+	for _, ex := range excludedRepositories {
+		if strings.TrimSpace(repoName) == strings.TrimSpace(ex) {
+			return true
+		}
+	}
+
+	return false
+}

pkg/readers/github_org_reader_test.go

@@ -77,4 +77,46 @@ func TestGithubOrgReader(t *testing.T) {
 			}
 		})
 	}
+	
+}
+
+func TestGithubIsExcludedRepo(t *testing.T) {
+	cases := []struct {
+		name        string
+		fullName    string
+		excluded    []string
+		expectedVal bool
+	}{
+		{
+			name:        "no excluded repo configured",
+			fullName:    "x/y",
+			excluded:    []string{},
+			expectedVal: false,
+		},
+		{
+			name:        "match excluded",
+			fullName:    "x/y",
+			excluded:    []string{"y/z", "x/y"},
+			expectedVal: true,
+		},
+		{
+			name:        "match with ignore whitespace",
+			fullName:    "x/y",
+			excluded:    []string{"  x/y  ", "b", "c"},
+			expectedVal: true,
+		},
+		{
+			name:        "no match",
+			fullName:    "x/u",
+			excluded:    []string{"x/y"},
+			expectedVal: false,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			ret := githubIsExcludedRepo(tc.fullName, tc.excluded)
+			assert.Equal(t, tc.expectedVal, ret)
+		})
+	}
 }

scan.go

@@ -42,6 +42,7 @@ var (
 	githubRepoUrls                   []string
 	githubOrgUrl                     string
 	githubOrgMaxRepositories         int
+	githubOrgExcludedRepos           []string
 	githubSkipDependencyGraphAPI     bool
 	scanExclude                      []string
 	transitiveAnalysis               bool
@@ -134,6 +135,8 @@ func newScanCommand() *cobra.Command {
 		"Github organization URL (Example: https://github.com/safedep)")
 	cmd.Flags().IntVarP(&githubOrgMaxRepositories, "github-org-max-repo", "", 1000,
 		"Maximum number of repositories to process for the Github Org")
+	cmd.Flags().StringArrayVarP(&githubOrgExcludedRepos, "github-org-exclude-repos", "", []string{},
+		"Comma-separated list of GitHub repos to exclude during org scan (format: org/repo1,org/repo2)")
 	cmd.Flags().BoolVarP(&githubSkipDependencyGraphAPI, "skip-github-dependency-graph-api", "", false,
 		"Do not use GitHub Dependency Graph API to fetch dependencies")
 	cmd.Flags().StringVarP(&lockfileAs, "lockfile-as", "", "",
@@ -365,6 +368,7 @@ func internalStartScan() error {
 			IncludeArchived:        false,
 			MaxRepositories:        githubOrgMaxRepositories,
 			SkipDependencyGraphAPI: githubSkipDependencyGraphAPI,
+			ExcludeRepos:           githubOrgExcludedRepos,
 		})
 	} else if len(purlSpec) > 0 {
 		analytics.TrackCommandScanPurlScan()