fix(scan): surface GitHub rate-limit errors in bulk repo scan#1235
fix(scan): surface GitHub rate-limit errors in bulk repo scan#1235John-David Dalton (jdalton) wants to merge 1 commit intomainfrom
Conversation
The bulk-scan loop in `createScanFromGithub` silently swallowed per-repo failures. A rate-limited token made every repo fail, yet the outer function returned ok:true with "N repos / 0 manifests", misleading users into thinking the scan worked. - Track per-repo failures and short-circuit the loop on known blocking errors (rate limit, GraphQL rate limit, abuse detection, auth failure) so subsequent repos don't burn more quota for the same error - Return an error CResult when all repos fail, so scripts can tell the run did not succeed - Add regression tests covering the short-circuit and the all-repos-failed fallback
|
Cursor (@cursor) review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.
2 participants
Summary
createScanFromGithubsilently swallowed per-repo failures. A rate-limited GitHub token made every repo fail, yet the outer function returnedok:truewith "N repos / 0 manifests", misleading users into thinking the scan worked.CResultwhen every repo fails, so scripts can tell the run did not succeed.Test plan
pnpm --filter @socketsecurity/cli run test:unit test/unit/commands/scan/create-scan-from-github.test.mts— 16 passed (3 new regression tests)pnpm --filter @socketsecurity/cli run test:unit test/unit/commands/scan/— 634 passedpnpm run type— passespnpm run lint— passesNote
Medium Risk
Changes bulk-scan control flow to short-circuit and return failures on rate-limit/auth conditions, which can alter CLI exit behavior and automation expectations.
Overview
Fixes
createScanFromGithubbulk scanning to stop early and returnok:falsewhen hitting blocking GitHub errors (rate limit, GraphQL rate limit, abuse detection, or auth failure) instead of continuing and reporting misleading "0 manifests" success.Also treats the run as an error when all repos fail for non-blocking reasons, and updates the summary logging to report repos actually processed. Adds unit regression tests covering rate-limit short-circuiting, auth failure short-circuiting, and the "all repos failed" case (ASK-167).
Reviewed by Cursor Bugbot for commit 7f7f649. Configure here.