refactor: remove parallel walk

[knqyf263]

Description

Since filepath.WalkDir is fast enough now, this PR removes github.com/saracen/walker. Also, it defines the Walker interface so that other tools can override the behavior.

Related issues

• Close errorCallback is not handled in fast scanning #5179

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[knqyf263]

@santhosh1729 I think we'll merge this PR now, and you can give us feedback anytime.

[github-actions]

This PR is stale because it has been labeled with inactivity.

[knqyf263]

@DmitriyLewen Could you quickly take a look? Aqua confirmed it, and it should be fine, but I want to double-check it.

[DmitriyLewen]

LGTM

[nikpivkin]

LGTM

[Esonhugh]

I have a question. Why you just ignore the .git folder?

[knqyf263]

The git dir shouldn't have files Trivy wants to find, and it is time-consuming to walk the dir.

[Esonhugh]

The git dir shouldn't have files Trivy wants to find, and it is time-consuming to walk the dir.

thank u for answering. But I want to say something. just like what github official does.

https://github.com/actions/checkout/blob/44c2b7a8a4ea60a981eaca3cf939b5f4305c123b/src/git-auth-helper.ts#L286

They allows save PAT tokens or request OAuth tokens in this actions. And backup this So some careless people do like

FROM node:16
RUN mkdir /app
COPY . /app
RUN yarn install
EXPOSE 80
CMD ["node", "/app/app.js"]

And Python/PHP/Javascript programmers always do like this. : )

So at least whitelist the .git/config .git/modules/[any]/config and blacklist something like .git/objects

[knqyf263]

FROM node:16
RUN mkdir /app
COPY . /app
RUN yarn install
EXPOSE 80
CMD ["node", "/app/app.js"]

What's wrong in this Dockerfile? PAT will be deleted in the post-job step.

[Esonhugh]

FROM node:16
RUN mkdir /app
COPY . /app
RUN yarn install
EXPOSE 80
CMD ["node", "/app/app.js"]

What's wrong in this Dockerfile? PAT will be deleted in the post-job step.

Yes post job. But docker image building is before it :)
It's

graph TD;
START ---> github.token.start(register a Temp github.token) ---> checkout --->  checkout-1(PAT sets so use PAT, do submodules or sth, save it in .git/config) ---> docker-image-building ---> docker-image-uploading(docker image tag login push) ---> post-docker-login(post docker login if login action) ---> post-checkout(post checkout action, clean up if not set persisence, delete local config) ---> End(Action Ends and revoke the Temp github.token)

Loading

[knqyf263]

Hmm. It's interesting. Did you ensure PAT can be exposed to a container image?

[ActionOPs]

Hmm. It's interesting. Did you ensure PAT can be exposed to a container image?

pretty sure. Play with cross repos ref submodules they must do like that. I can create an environment. : )

[knqyf263]

I've created an issue. Thanks!
#6699

[Esonhugh]

I've created an issue. Thanks! #6699

nice work :)