feat(observability): add scanner-level skip and filter messages #44

Open
quanticsoul4772 wants to merge 1 commit into SolDevelo:main from quanticsoul4772:rawcell/scanner-observability-fix
@quanticsoul4772

Closes #32

What this changes

Previous attempt (#35) adjusted the global log level — this PR instead adds targeted messages at the scanner level, specifically where scans are skipped, partially executed, or findings are filtered without user visibility.

docker_scout_scanner.py

  • No container files found: when neither Docker Compose nor Kubernetes files are detected, prints [i] No Docker Compose or Kubernetes files found — container scan skipped. so users know container scanning was intentionally skipped, not broken or forgotten.
  • Negligible CVE filter: counts Negligible-severity CVEs that are suppressed and prints [i] Filtered N Negligible-severity CVE(s) from Docker Scout results (use --verbose to include them). so users can distinguish "0 findings" from "findings were suppressed".

grype_scanner.py

  • Negligible CVE filter: same filter-count message as above, for the Grype fallback path.

parser.py (scan_directory_level)

  • Unreadable files warning: counts files that fail to open during directory-level scanning and prints [!] Warning: N file(s) could not be read and were skipped — scan results may be incomplete. This is the inverse-regex scanner path where silent file-read failures mean the "required pattern" check runs on incomplete data.

Example output

Container scan skipped (no files):

[i] No Docker Compose or Kubernetes files found — container scan skipped.

After container scan with filtered CVEs:

[i] Filtered 14 Negligible-severity CVE(s) from Docker Scout results (use --verbose to include them).

After directory scan with unreadable files:

[!] Warning: 2 file(s) could not be read and were skipped — scan results may be incomplete.

🤖 Generated with Claude Code

Addresses issue SolDevelo#32 — InfraScan should print more information about
what is happening, especially in error and skip scenarios.

Changes:
- docker_scout_scanner.py: print message when no container files found
  so users know container scanning was skipped (not silently omitted)
- docker_scout_scanner.py: report count of Negligible CVEs filtered
  so users can distinguish "0 findings" from "findings suppressed"
- grype_scanner.py: same negligible CVE filter count message as above
- parser.py (scan_directory_level): count and warn on unreadable files
  so users know when scan results may be incomplete

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
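
The two behaviours described in this PR, written out as an added example that is not code from the PR or from InfraScan: counting suppressed Negligible findings, and counting files skipped by an inverse-regex directory check. The function bodies, the choice to treat undecodable files as unreadable, the sample files, the required pattern and the placeholder CVE ids are all assumptions constructed for illustration.

```python
import os
import re
import tempfile


def filter_negligible(findings, source, verbose=False):
    """Drop Negligible findings unless verbose; return (kept, info message or None)."""
    if verbose:
        return list(findings), None
    kept = [f for f in findings if f["severity"].lower() != "negligible"]
    dropped = len(findings) - len(kept)
    msg = (f"[i] Filtered {dropped} Negligible-severity CVE(s) from {source} "
           "results (use --verbose to include them).") if dropped else None
    return kept, msg


def scan_directory_level(root, required_pattern):
    """Inverse-regex check: flag the directory when no readable file matches."""
    regex = re.compile(required_pattern)
    found, unreadable = False, 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            try:
                with open(os.path.join(dirpath, name), encoding="utf-8") as fh:
                    found = found or bool(regex.search(fh.read()))
            except (OSError, UnicodeDecodeError):
                unreadable += 1  # counted instead of silently ignored
    return {"pattern_missing": not found, "unreadable": unreadable}


def demo():
    """Constructed inputs: the only file holding the pattern cannot be decoded."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "main.tf"), "w", encoding="utf-8") as fh:
            fh.write('resource "example" "a" {}\n')
        with open(os.path.join(root, "storage.tf"), "wb") as fh:
            fh.write(b"encrypted = true\n\xff\xfe")  # invalid UTF-8 tail
        scan = scan_directory_level(root, r"encrypted\s*=\s*true")
    findings = [{"id": "CVE-PLACEHOLDER-1", "severity": "High"},
                {"id": "CVE-PLACEHOLDER-2", "severity": "Negligible"},
                {"id": "CVE-PLACEHOLDER-3", "severity": "negligible"}]
    kept, msg = filter_negligible(findings, "Docker Scout")
    return scan, kept, msg


if __name__ == "__main__":
    print(demo())
```

In the constructed directory the check reports the required pattern as missing only because the file containing it was skipped, which is the case the unreadable-file count exposes.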
Development

Successfully merging this pull request may close these issues.

Infrascan should be a bit more verbose
