Update docs

Changelog.md

@@ -1,5 +1,9 @@
 # FOSSA CLI Changelog
 
+## 3.9.32
+
+- `--strict`: Users can now enable strict mode for analysis. ([#1463](https:/fossas/fossa-cli/pull/1463))
+
 ## 3.9.31
 
 - Resolve an issue parsing toml configuration files. ([#1459](https:/fossas/fossa-cli/pull/1459))

docs/references/subcommands/analyze.md

@@ -127,11 +127,12 @@ We support the following archive formats:
 
 In addition to the [standard flags](#specifying-fossa-project-details), the analyze command supports the following additional strategy flags:
 
-| Name | Description |
-| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| [`--detect-vendored`](./analyze/detect-vendored.md) | Enable the vendored source identification engine. For more information, see the [C and C++ overview](../strategies/languages/c-cpp/c-cpp.md). |
-| [`--detect-dynamic './some-binary`](./analyze/detect-dynamic.md) | Analyze the binary at the provided path for dynamically linked dependencies. For more information, see the [C and C++ overview](../strategies/languages/c-cpp/c-cpp.md). |
-| [`--static-only-analysis`](../strategies/README.md#static-and-dynamic-strategies) | Do not use third-party tools when analyzing projects. |
+| Name | Description |
+| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| [`--detect-vendored`](./analyze/detect-vendored.md) | Enable the vendored source identification engine. For more information, see the [C and C++ overview](../strategies/languages/c-cpp/c-cpp.md). |
+| [`--detect-dynamic './some-binary`](./analyze/detect-dynamic.md) | Analyze the binary at the provided path for dynamically linked dependencies. For more information, see the [C and C++ overview](../strategies/languages/c-cpp/c-cpp.md). |
+| [`--static-only-analysis`](../strategies/README.md#static-and-dynamic-strategies) | Do not use third-party tools when analyzing projects. |
+| `--strict` | Enable strict analysis to enforce that the first analysis strategy within a [strategy type](../strategies/README.md#strategies-by-type) passes. Fallback strategies are not allowed in strict mode. |
 
 
 ### Experimental Options

src/App/Fossa/Analyze.hs

@@ -364,7 +364,6 @@ analyze cfg = Diag.context "fossa-analyze" $ do
  pure Nothing
  else Diag.context "first-party-scans" . runStickyLogger SevInfo $ runFirstPartyScan basedir maybeApiOpts cfg
  let firstPartyScanResults = join . resultToMaybe $ maybeFirstPartyScanResults
- -- logDebug $ "Is in strict mode ------------- " <> pretty (show strictMode)
  let discoveryFilters = if fromFlag NoDiscoveryExclusion noDiscoveryExclusion then mempty else filters
  (projectScans, ()) <-
  Diag.context "discovery/analysis tasks"
@@ -599,7 +598,3 @@ updateProgress Progress{..} =
  <> " Completed"
  <> " ]"
  )
-
--- analyzeStrictModeGuard :: Has Diagnostics sig m => Mode -> m a -> m a
--- analyzeStrictModeGuard Strict _ = fatal "Strict mode enabled, skipping other strategies"
--- analyzeStrictModeGuard NonStrict action = action

src/App/Fossa/Config/Analyze.hs

@@ -24,7 +24,6 @@ module App.Fossa.Config.Analyze (
  StaticOnlyTactics (..),
  WithoutDefaultFilters (..),
  StrictMode (..),
- Mode (..),
  mkSubCommand,
  loadConfig,
  cliParser,
@@ -339,7 +338,7 @@ cliParser =
  <*> optional (strOption (applyFossaStyle <> long "fossa-deps-file" <> helpDoc fossaDepsFileHelp <> metavar "FILEPATH"))
  <*> flagOpt StaticOnlyTactics (applyFossaStyle <> long "static-only-analysis" <> stringToHelpDoc "Only analyze the project using static strategies.")
  <*> withoutDefaultFilterParser fossaAnalyzeDefaultFilterDocUrl
- <*> flagOpt StrictMode (applyFossaStyle <> long "strict" <> stringToHelpDoc "Strict mode")
+ <*> flagOpt StrictMode (applyFossaStyle <> long "strict" <> stringToHelpDoc "Enables strict analysis to enforce that the first analysis strategy within a strategy type passes. Fallback strategies are not allowed in strict mode.")
  where
  fossaDepsFileHelp :: Maybe (Doc AnsiStyle)
  fossaDepsFileHelp =
@@ -348,6 +347,7 @@ cliParser =
  [ "Path to fossa-deps file including filename"
  , boldItalicized "Default:" <> " fossa-deps.{yaml|yml|json}"
  ]
+
 branchHelp :: Maybe (Doc AnsiStyle)
 branchHelp =
  Just . formatDoc $

src/App/Util.hs

@@ -6,17 +6,15 @@ module App.Util (
  validateDir,
  validateFile,
  guardStrictMode,
- populateWarningsForAnalysisMode,
  FileAncestry (..),
 ) where
 
 import App.Types
 import Control.Algebra (Has)
 import Control.Carrier.Diagnostics (Diagnostics)
-import Control.Effect.Diagnostics (fatalText, warnOnErr)
+import Control.Effect.Diagnostics (fatalText)
 import Control.Monad (unless)
 import Data.String.Conversion (ToText (..))
-import Diag.Common (MissingDeepDeps (..), MissingEdges (..))
 import GHC.Generics (Generic)
 import Path (Abs, Dir, File, Path, Rel, SomeBase (..), toFilePath, (</>))
 import Path.Extra (tryMakeRelative)
@@ -56,10 +54,8 @@ ancestryDerived parent dir file = do
  rel <- ancestryDirect dir file
  pure $ fileAncestryPath parent </> rel
 
+-- | Guards analysis strategies depending on the mode. On strict mode, emit an error to end the chain of diagnostics to prevent
+-- other strategies to be executed. On non-strict mode, allow fallback strategies to be executed.
 guardStrictMode :: Has Diagnostics sig m => Mode -> m a -> m a
 guardStrictMode Strict _ = fatalText "Strict mode enabled, skipping other strategies"
 guardStrictMode NonStrict action = action
-
-populateWarningsForAnalysisMode :: (Has Diagnostics sig m) => Mode -> m a -> m a
-populateWarningsForAnalysisMode Strict = id
-populateWarningsForAnalysisMode NonStrict = warnOnErr MissingEdges . warnOnErr MissingDeepDeps

src/Strategy/Bundler.hs

@@ -11,7 +11,6 @@ import App.Fossa.Analyze.LicenseAnalyze (
  LicenseAnalyzeProject (licenseAnalyzeProject),
  )
 import App.Fossa.Analyze.Types (AnalyzeProject (analyzeProjectStaticOnly), analyzeProject)
-import App.Fossa.Config.Analyze (StrictMode (..))
 import App.Types (Mode (..))
 import App.Util (guardStrictMode)
 import Control.Effect.Diagnostics (
@@ -20,14 +19,12 @@ import Control.Effect.Diagnostics (
  errCtx,
  errDoc,
  errHelp,
- fatal,
  warnOnErr,
  (<||>),
  )
 import Control.Effect.Diagnostics qualified as Diag
 import Control.Effect.Reader (Reader, ask)
 import Data.Aeson (ToJSON)
-import Data.Flag (Flag, fromFlag)
 import Data.Glob as Glob (toGlob, (</>))
 import Data.Text (isSuffixOf)
 import Diag.Common (AllDirectDeps (AllDirectDeps), MissingEdges (MissingEdges))
@@ -40,7 +37,6 @@ import Discovery.Walk (
  walkWithFilters',
  )
 import Effect.Exec (Exec, Has)
-import Effect.Logger (Logger, logDebug)
 import Effect.ReadFS (ReadFS, readContentsParser)
 import GHC.Generics (Generic)
 import Path (Abs, Dir, File, Path, toFilePath)

src/Strategy/Cocoapods.hs

@@ -9,17 +9,18 @@ module Strategy.Cocoapods (
 import App.Fossa.Analyze.LicenseAnalyze (LicenseAnalyzeProject, licenseAnalyzeProject)
 import App.Fossa.Analyze.Types (AnalyzeProject (analyzeProjectStaticOnly), analyzeProject)
 import App.Types (Mode (..))
-import App.Util (guardStrictMode, populateWarningsForAnalysisMode)
+import App.Util (guardStrictMode)
 import Control.Applicative ((<|>))
 import Control.Carrier.Diagnostics (errHelp)
-import Control.Effect.Diagnostics (Diagnostics, context, errCtx, errDoc, (<||>))
+import Control.Effect.Diagnostics (Diagnostics, context, errCtx, errDoc, warnOnErr, (<||>))
 import Control.Effect.Diagnostics qualified as Diag
 import Control.Effect.Reader (Reader, ask)
 import Data.Aeson (ToJSON)
 import Data.Glob qualified as Glob
 import Data.List (find)
 import Data.List.Extra (singleton)
 import Data.Text (isSuffixOf)
+import Diag.Common (MissingDeepDeps (..), MissingEdges (..))
 import Discovery.Filters (AllFilters)
 import Discovery.Simple (simpleDiscover)
 import Discovery.Walk (
@@ -117,7 +118,7 @@ getDeps project = do
  context "Cocoapods" $
  context
  "Podfile.lock analysis"
- ( populateWarningsForAnalysisMode mode
+ ( populateErrorInfo mode
  . errCtx MissingPodLockFileCtx
  . errHelp MissingPodLockFileHelp
  . errDoc refPodDocUrl
@@ -131,7 +132,7 @@ getDeps' project = do
  context "Cocoapods" $
  context
  "Podfile.lock analysis"
- ( populateWarningsForAnalysisMode mode
+ ( populateErrorInfo mode
  . errCtx MissingPodLockFileCtx
  . errHelp MissingPodLockFileHelp
  . errDoc refPodDocUrl
@@ -171,3 +172,7 @@ analyzePodfileLockStatically project = do
  , dependencyGraphBreadth = Complete
  , dependencyManifestFiles = [lockFile]
  }
+
+populateErrorInfo :: (Has Diagnostics sig m) => Mode -> m a -> m a
+populateErrorInfo Strict = id
+populateErrorInfo NonStrict = warnOnErr MissingEdges . warnOnErr MissingDeepDeps

src/Strategy/Pub.hs

@@ -20,7 +20,7 @@ import Effect.Exec (Exec, Has)
 import Effect.Logger (Logger)
 import Effect.ReadFS (ReadFS)
 import GHC.Generics (Generic)
-import Path
+import Path (Abs, Dir, File, Path)
 import Strategy.Dart.Errors (PubspecLimitation (..), refPubDocUrl)
 import Strategy.Dart.PubDeps (analyzeDepsCmd)
 import Strategy.Dart.PubSpec (analyzePubSpecFile)