Skip to content

PROJQUAY-11621: docs: add repo context files#163

Closed
sudipshil9862 wants to merge 1 commit into
quay:masterfrom
sudipshil9862:quay-contextification
Closed

PROJQUAY-11621: docs: add repo context files#163
sudipshil9862 wants to merge 1 commit into
quay:masterfrom
sudipshil9862:quay-contextification

Conversation

@sudipshil9862

@sudipshil9862 sudipshil9862 commented Jun 29, 2026

Copy link
Copy Markdown

Summary

Adds the required contextification docs for container-security-operator as part of PROJQUAY-11621.

Changes

  • Adds ARCHITECTURE.md with component layout, data flow, and OpenShift integration context.
  • Adds CONTRIBUTING.md with setup, testing, and review guidance.
  • Updates README.md with a contextification addendum and architecture diagram.
  • Updates AGENTS.md with low-token routing for AI agents.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Walkthrough

Adds three new documentation files/sections: a full ARCHITECTURE.md describing the operator's component design, data flow, labeling strategy, and reconciliation behavior; a CONTRIBUTING.md with setup, development, and testing guidance; and "Contextification Addendum" sections appended to README.md and AGENTS.md with directory routing, commands, and guardrails.

Changes

Documentation

Layer / File(s) Summary
Operator architecture documentation
ARCHITECTURE.md
New file documenting purpose, Mermaid flow diagram, components (/apis/secscan/v1alpha1, /cmd/manager, /labeller, /k8sutils), end-to-end data flow, pod labeling strategy (secscan/hasVulnerabilities, secscan/highestSeverity, secscan/affectedByVulns), reconciliation paths for ImageManifestVuln and pod events, performance characteristics, and OpenShift console integration details.
Contributor and contextual guidance
CONTRIBUTING.md, README.md, AGENTS.md
Adds CONTRIBUTING.md with prerequisites, directory structure, and PR workflow. Appends "Contextification Addendum" to README.md (Mermaid flowchart, key paths, commands) and AGENTS.md (low-token directory routing, consolidated commands, pod label vs. ImageManifestVuln guardrail).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

🧹 Nitpick comments (4)
ARCHITECTURE.md (3)

26-32: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Add language specifier to fenced code block to satisfy markdownlint.

The ASCII art diagram block triggers MD040. Add text as the language specifier to suppress the warning without affecting rendering.

  • Clair/Quay (creates ImageManifestVuln CRs)
    

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @ARCHITECTURE.md around lines 26 - 32, Add a language specifier to the fenced
ASCII diagram in ARCHITECTURE.md so markdownlint no longer flags MD040. Update
the diagram block near the Clair/Quay and container-security-operator section to
use a text fence, keeping the content unchanged and preserving the rendering.


</details>

<!-- cr-comment:v1:b4755c017833c3c0b1b512f7 -->

_Source: Linters/SAST tools_

---

`100-113`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_

**Add language specifier to fenced code block to satisfy markdownlint.**

The reconciliation flow block triggers MD040. Add `text` as the language specifier.

```diff
  • Watch ImageManifestVuln:
    

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @ARCHITECTURE.md around lines 100 - 113, The fenced reconciliation flow block
in ARCHITECTURE.md is missing a language specifier and triggers markdownlint
MD040. Update the code fence around the Watch ImageManifestVuln / Watch Pods
section to use text as the fence language so the markdown lint rule is
satisfied.


</details>

<!-- cr-comment:v1:d40a0e638d203a3b264c0649 -->

_Source: Linters/SAST tools_

---

`62-89`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_

**Add language specifier to fenced code block to satisfy markdownlint.**

The data flow steps block triggers MD040. Add `text` as the language specifier.

```diff
  • 1. Quay/Clair scans image → creates ImageManifestVuln CR:
    

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @ARCHITECTURE.md around lines 62 - 89, The data flow example in
ARCHITECTURE.md is an untyped fenced block that triggers markdownlint MD040;
update the fenced block around the Quay/Clair scan and operator workflow steps
to use a text language specifier. Make this change in the markdown section
containing the ImageManifestVuln, operator watches, and labels flow so the block
remains readable while satisfying linting.


</details>

<!-- cr-comment:v1:1fa5b04fb361cda6856f37ff -->

_Source: Linters/SAST tools_

</blockquote></details>
<details>
<summary>CONTRIBUTING.md (1)</summary><blockquote>

`13-13`: _📐 Maintainability & Code Quality_ | _🔵 Trivial_ | _💤 Low value_

**Remove or relocate misplaced purpose statement.**

The sentence "Displays Clair vulnerability scan results in OpenShift console." under the Development section is a product description, not development guidance. It appears redundant with the README/ARCHITECTURE purpose statements and doesn't help contributors develop.

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @CONTRIBUTING.md at line 13, The Development section in CONTRIBUTING.md
contains a misplaced product-purpose sentence that should be removed or moved
elsewhere. Update the CONTRIBUTING.md content around the Development guidance so
it only includes contributor instructions, and relocate or delete the “Displays
Clair vulnerability scan results in OpenShift console.” statement since it
belongs in a product overview section such as README or ARCHITECTURE.


</details>

<!-- cr-comment:v1:676e87b6a763609b73c1c130 -->

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @AGENTS.md:

  • Line 48: The Project Structure section in AGENTS.md is inconsistent with the
    entrypoint path used elsewhere, since it refers to the generic cmd/ directory
    instead of the specific cmd/security-labeller/ entrypoint. Update the entrypoint
    reference in that section to match the exact path already used in the low-token
    routing guidance so the file consistently points to the same executable
    location.

In @ARCHITECTURE.md:

  • Line 39: Update the ImageManifestVuln severity documentation to match the
    actual severity handling in the vulnerability count logic. Expand the severity
    enumeration in ARCHITECTURE.md to include Defcon1, Negligible, and Unknown so it
    aligns with the symbols used in labeller/manifest.go and no longer conflicts
    with the implemented severity set.
  • Around line 93-97: The Pod label documentation for secscan/highestSeverity is
    incomplete and does not match the values produced by the labeller. Update the
    label value list in the Pod labels section to include all possible severities
    from the labeller/manifest.go logic, specifically Defcon1, Negligible, and
    Unknown, alongside the existing Critical, High, Medium, and Low values.
  • Around line 84-87: The architecture doc is describing a label that the
    operator does not actually support. Update the docs around the label handling in
    the relevant section so they only mention the labels written by the operator’s
    current logic, such as secscan/hasVulnerabilities and secscan/highestSeverity,
    or add implementation support for secscan/affectedByVulns if that behavior is
    intended. Refer to the label-writing code path and any documentation entries for
    these labels to keep them consistent.

In @CONTRIBUTING.md:

  • Around line 38-42: Update the Code Structure section so it matches the actual
    project layout and the other docs: replace the inconsistent operator entrypoint
    path in the directory list to use the same symbol/path referenced by AGENTS.md,
    and add the missing top-level directories referenced elsewhere, including
    secscan/, image/, generated/, and hack/. Keep the directory descriptions aligned
    with README.md and AGENTS.md so the documented structure is consistent across
    the repo.

In @README.md:

  • Line 153: The README “Key paths” entry uses the ambiguous cmd/ label, so
    update that list to the repo’s actual entrypoint directory name and make it
    consistent with the references in CONTRIBUTING.md, AGENTS.md, and
    ARCHITECTURE.md. Locate the README key-paths section and replace every
    entrypoint mention with the same canonical directory name used by the codebase
    so all docs point to one standard path.
  • Line 155: The contributor docs still mention a non-existent make test target,
    so update the docs to match the real test command or add the missing target.
    Adjust the relevant documentation entry that references build/run/test commands,
    and ensure it consistently points to go test -v ./... rather than make test so
    contributors use the supported workflow.

Nitpick comments:
In @ARCHITECTURE.md:

  • Around line 26-32: Add a language specifier to the fenced ASCII diagram in
    ARCHITECTURE.md so markdownlint no longer flags MD040. Update the diagram block
    near the Clair/Quay and container-security-operator section to use a text fence,
    keeping the content unchanged and preserving the rendering.
  • Around line 100-113: The fenced reconciliation flow block in ARCHITECTURE.md
    is missing a language specifier and triggers markdownlint MD040. Update the code
    fence around the Watch ImageManifestVuln / Watch Pods section to use text as the
    fence language so the markdown lint rule is satisfied.
  • Around line 62-89: The data flow example in ARCHITECTURE.md is an untyped
    fenced block that triggers markdownlint MD040; update the fenced block around
    the Quay/Clair scan and operator workflow steps to use a text language
    specifier. Make this change in the markdown section containing the
    ImageManifestVuln, operator watches, and labels flow so the block remains
    readable while satisfying linting.

In @CONTRIBUTING.md:

  • Line 13: The Development section in CONTRIBUTING.md contains a misplaced
    product-purpose sentence that should be removed or moved elsewhere. Update the
    CONTRIBUTING.md content around the Development guidance so it only includes
    contributor instructions, and relocate or delete the “Displays Clair
    vulnerability scan results in OpenShift console.” statement since it belongs in
    a product overview section such as README or ARCHITECTURE.

</details>

<details>
<summary>🪄 Autofix (Beta)</summary>

Fix all unresolved CodeRabbit comments on this PR:

- [ ] <!-- {"checkboxId": "4b0d0e0a-96d7-4f10-b296-3a18ea78f0b9"} --> Push a commit to this branch (recommended)
- [ ] <!-- {"checkboxId": "ff5b1114-7d8c-49e6-8ac1-43f82af23a33"} --> Create a new PR with the fixes

</details>

---

<details>
<summary>ℹ️ Review info</summary>

<details>
<summary>⚙️ Run configuration</summary>

**Configuration used**: Organization UI

**Review profile**: CHILL

**Plan**: Enterprise

**Run ID**: `963c095d-faf4-4695-b54d-3e1f396be36b`

</details>

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 8806d68a84925dfd45a1b666bda2c45279c36967 and 44fd1b798d22271e4ed9a228f180c97e17cc7dbd.

</details>

<details>
<summary>📒 Files selected for processing (4)</summary>

* `AGENTS.md`
* `ARCHITECTURE.md`
* `CONTRIBUTING.md`
* `README.md`

</details>

</details>

<details>
<summary>📜 Review details</summary>

<details>
<summary>⏰ Context from checks skipped due to timeout. (2)</summary>

* GitHub Check: Tests
* GitHub Check: Build

</details>

<details>
<summary>🧰 Additional context used</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.22.1)</summary>

<details>
<summary>ARCHITECTURE.md</summary>

[warning] 26-26: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 62-62: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 100-100: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

</details>

<details>
<summary>🔇 Additional comments (1)</summary><blockquote>

<details>
<summary>ARCHITECTURE.md (1)</summary><blockquote>

`117-119`: **Remove the custom indexer claim**

The controller is watch-based, but `cache.Indexers{}` is passed to both informers, so there isn’t a dedicated image digest → ImageManifestVuln indexer here; the lookup uses the informer’s default key index via `GetIndexer().GetByKey(...)`.


				> Likely an incorrect or invalid review comment.

<!-- cr-comment:v1:68b6f0a863be377e9b1aa442 -->

</blockquote></details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

Comment thread AGENTS.md

Low-token routing:

- Entrypoint: `cmd/`

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Inconsistent entrypoint directory within the same file.

The low-token routing uses cmd/ but the Project Structure section above specifies cmd/security-labeller/. Use the precise path for consistency.

- - Entrypoint: `cmd/`
+ - Entrypoint: `cmd/security-labeller/`
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- Entrypoint: `cmd/`
- Entrypoint: `cmd/security-labeller/`
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AGENTS.md` at line 48, The Project Structure section in AGENTS.md is
inconsistent with the entrypoint path used elsewhere, since it refers to the
generic cmd/ directory instead of the specific cmd/security-labeller/
entrypoint. Update the entrypoint reference in that section to match the exact
path already used in the low-token routing guidance so the file consistently
points to the same executable location.

Comment thread ARCHITECTURE.md
### `/apis/secscan/v1alpha1`
CRD definitions:
- `ImageManifestVuln`: Vulnerability data for image manifest
- Severity (Critical, High, Medium, Low)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Incomplete severity enumeration in CRD definition.

The ImageManifestVuln severity list omits Defcon1, Negligible, and Unknown which are defined in the actual vulnerability count logic (labeller/manifest.go:23-42). This creates a discrepancy between documentation and code.

-  - Severity (Critical, High, Medium, Low)
+  - Severity (Defcon1, Critical, High, Medium, Low, Negligible, Unknown)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- Severity (Critical, High, Medium, Low)
- Severity (Defcon1, Critical, High, Medium, Low, Negligible, Unknown)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ARCHITECTURE.md` at line 39, Update the ImageManifestVuln severity
documentation to match the actual severity handling in the vulnerability count
logic. Expand the severity enumeration in ARCHITECTURE.md to include Defcon1,
Negligible, and Unknown so it aligns with the symbols used in
labeller/manifest.go and no longer conflicts with the implemented severity set.

Comment thread ARCHITECTURE.md
Comment on lines +84 to +87
secscan/hasVulnerabilities: "true"
secscan/highestSeverity: "High"
secscan/affectedByVulns: "CVE-2023-1234,CVE-2023-5678"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify affectedByVulns label existence and truncation logic
ast-grep run --pattern 'affectedByVulns' --lang go
rg -n 'affectedByVulns' --type=go

Repository: quay/container-security-operator

Length of output: 170


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== ARCHITECTURE.md around the cited lines ==\n'
sed -n '70,100p' ARCHITECTURE.md || true

printf '\n== Search for secscan label references ==\n'
rg -n 'secscan/|affectedByVulns|hasVulnerabilities|highestSeverity|CVE-2023|truncate|63 characters|label value limit' .

printf '\n== Go files mentioning secscan ==\n'
rg -n 'secscan' --type=go .

Repository: quay/container-security-operator

Length of output: 26996


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== labeller/manifest.go label construction ==\n'
sed -n '70,170p' labeller/manifest.go

printf '\n== label-related helpers in labeller/manifest.go ==\n'
sed -n '1,70p' labeller/manifest.go

printf '\n== occurrences of Label map keys in labeller ==\n'
rg -n 'Labels|labelPrefix|hasVulnerabilities|highestSeverity|affectedByVulns' labeller

Repository: quay/container-security-operator

Length of output: 6316


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== labeller/manifest.go 170-240 ==\n'
sed -n '170,240p' labeller/manifest.go

printf '\n== labeller/labeller.go label interactions ==\n'
sed -n '500,620p' labeller/labeller.go

printf '\n== search for Kubernetes label value length handling ==\n'
rg -n '63|length|truncate|truncat|label.*value|Kubernetes.*label|allowed by the label syntax' .

Repository: quay/container-security-operator

Length of output: 16486


Remove secscan/affectedByVulns from this architecture doc or add the missing label handling.
The operator only writes secscan/hasVulnerabilities and secscan/highestSeverity; affectedByVulns isn’t implemented, and label values aren’t truncated today.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ARCHITECTURE.md` around lines 84 - 87, The architecture doc is describing a
label that the operator does not actually support. Update the docs around the
label handling in the relevant section so they only mention the labels written
by the operator’s current logic, such as secscan/hasVulnerabilities and
secscan/highestSeverity, or add implementation support for
secscan/affectedByVulns if that behavior is intended. Refer to the label-writing
code path and any documentation entries for these labels to keep them
consistent.

Comment thread ARCHITECTURE.md
Comment on lines +93 to +97
Pod labels:
- `secscan/hasVulnerabilities`: "true" | "false"
- `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low"
- `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Incomplete severity enumeration in label values.

The secscan/highestSeverity label values omit Defcon1, Negligible, and Unknown which the operator can produce per labeller/manifest.go:23-42. This misrepresents the possible label values.

- `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low"
+ `secscan/highestSeverity`: "Defcon1" | "Critical" | "High" | "Medium" | "Low" | "Negligible" | "Unknown"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Pod labels:
- `secscan/hasVulnerabilities`: "true" | "false"
- `secscan/highestSeverity`: "Critical" | "High" | "Medium" | "Low"
- `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars)
Pod labels:
- `secscan/hasVulnerabilities`: "true" | "false"
- `secscan/highestSeverity`: "Defcon1" | "Critical" | "High" | "Medium" | "Low" | "Negligible" | "Unknown"
- `secscan/affectedByVulns`: comma-separated CVE list (truncated if >63 chars)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ARCHITECTURE.md` around lines 93 - 97, The Pod label documentation for
secscan/highestSeverity is incomplete and does not match the values produced by
the labeller. Update the label value list in the Pod labels section to include
all possible severities from the labeller/manifest.go logic, specifically
Defcon1, Negligible, and Unknown, alongside the existing Critical, High, Medium,
and Low values.

Comment thread CONTRIBUTING.md
Comment on lines +38 to +42
- `apis/secscan/v1alpha1/` - CRD types
- `cmd/manager/` - operator entrypoint
- `labeller/` - pod vulnerability labeling
- `k8sutils/` - K8s client helpers
- `bundle/` - OLM metadata

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Directory path inconsistency and incompleteness.

The Code Structure section lists cmd/manager/ but AGENTS.md references cmd/security-labeller/. These must be consistent. Also missing secscan/, image/, generated/, and hack/ directories that are referenced in README.md and AGENTS.md.

  - `apis/secscan/v1alpha1/` - CRD types
- - `cmd/manager/` - operator entrypoint
+ - `cmd/security-labeller/` - operator entrypoint
  - `labeller/` - pod vulnerability labeling
  - `k8sutils/` - K8s client helpers
+ - `secscan/` - registry client for vulnerability data
+ - `image/` - container image ID parsing
+ - `generated/` - auto-generated clients (do not edit)
+ - `hack/` - build scripts and helpers
  - `bundle/` - OLM metadata
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- `apis/secscan/v1alpha1/` - CRD types
- `cmd/manager/` - operator entrypoint
- `labeller/` - pod vulnerability labeling
- `k8sutils/` - K8s client helpers
- `bundle/` - OLM metadata
- `apis/secscan/v1alpha1/` - CRD types
- `cmd/security-labeller/` - operator entrypoint
- `labeller/` - pod vulnerability labeling
- `k8sutils/` - K8s client helpers
- `secscan/` - registry client for vulnerability data
- `image/` - container image ID parsing
- `generated/` - auto-generated clients (do not edit)
- `hack/` - build scripts and helpers
- `bundle/` - OLM metadata
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CONTRIBUTING.md` around lines 38 - 42, Update the Code Structure section so
it matches the actual project layout and the other docs: replace the
inconsistent operator entrypoint path in the directory list to use the same
symbol/path referenced by AGENTS.md, and add the missing top-level directories
referenced elsewhere, including secscan/, image/, generated/, and hack/. Keep
the directory descriptions aligned with README.md and AGENTS.md so the
documented structure is consistent across the repo.

Comment thread README.md
pods --> console
```

Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Use precise and consistent entrypoint directory name.

cmd/ is ambiguous. CONTRIBUTING.md uses cmd/manager/, AGENTS.md uses cmd/security-labeller/, and ARCHITECTURE.md references /cmd/manager. Standardize on the actual directory name.

- Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.
+ Key paths: `apis/secscan/v1alpha1/`, `cmd/security-labeller/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.
Key paths: `apis/secscan/v1alpha1/`, `cmd/security-labeller/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 153, The README “Key paths” entry uses the ambiguous cmd/
label, so update that list to the repo’s actual entrypoint directory name and
make it consistent with the references in CONTRIBUTING.md, AGENTS.md, and
ARCHITECTURE.md. Locate the README key-paths section and replace every
entrypoint mention with the same canonical directory name used by the codebase
so all docs point to one standard path.

Comment thread README.md

Key paths: `apis/secscan/v1alpha1/`, `cmd/`, `labeller/`, `secscan/`, `image/`, `generated/`, `bundle/`, and `hack/`.

Use `make build`, `make run`, `make installcrds`, `go test -v ./...`, and `make codegen`. Do not edit generated clients manually.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify Makefile test target
cat Makefile | grep -A3 '^test:'

Repository: quay/container-security-operator

Length of output: 170


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf 'FILES:\n'
git ls-files | rg '(^|/)(Makefile|README\.md|CONTRIBUTING\.md)$' || true

printf '\nMAKEFILE TEST TARGET SEARCH:\n'
rg -n '^[[:space:]]*test:' Makefile || true

printf '\nMAKEFILE TEST REFERENCES:\n'
rg -n 'make test|go test -v ./\.\.\.|go test' Makefile README.md CONTRIBUTING.md || true

printf '\nCONTRIBUTING EXCERPT:\n'
if [ -f CONTRIBUTING.md ]; then
  rg -n -A3 -B3 'make test|go test -v ./\.\.\.' CONTRIBUTING.md || true
fi

printf '\nREADME EXCERPT:\n'
if [ -f README.md ]; then
  rg -n -A3 -B3 'make build|make run|make installcrds|go test -v ./\.\.\.|make codegen' README.md || true
fi

Repository: quay/container-security-operator

Length of output: 1229


🏁 Script executed:

#!/bin/bash
set -euo pipefail

wc -l Makefile CONTRIBUTING.md README.md

printf '\nMAKEFILE TARGETS:\n'
rg -n '^[A-Za-z0-9_.-]+:' Makefile

printf '\nMAKEFILE TEST-RELATED LINES:\n'
rg -n 'go test|test-e2e|unit test|unit tests|test:' Makefile

printf '\nCONTRIBUTING TEST-RELATED LINES:\n'
rg -n -A2 -B2 'make test|go test|unit test|unit tests' CONTRIBUTING.md

printf '\nREADME TEST-RELATED LINES:\n'
rg -n -A2 -B2 'make test|go test|unit test|unit tests' README.md

Repository: quay/container-security-operator

Length of output: 556


Standardize the test command in the docs

CONTRIBUTING.md still references make test, but this Makefile doesn’t define a test target. Align the contributor docs with the actual command (go test -v ./...) or add the missing target.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 155, The contributor docs still mention a non-existent
make test target, so update the docs to match the real test command or add the
missing target. Adjust the relevant documentation entry that references
build/run/test commands, and ensure it consistently points to go test -v ./...
rather than make test so contributors use the supported workflow.

@ibazulic

Copy link
Copy Markdown
Member

I believe CSO is deprecated and not being actively worked on.

@sudipshil9862

Copy link
Copy Markdown
Author

closed pr as CSO is deprecated after 3.16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants