remove the large list of everchanging deps from the python scans (#1381)

pauld-msft · web-flow · commit cd49c502d269 · 2025-04-04T14:37:05.000-04:00
diff --git a/.github/workflows/snapshot-publish.yml b/.github/workflows/snapshot-publish.yml
@@ -56,7 +56,7 @@ jobs:
         run:
           dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
           --DockerImagesToScan "docker.io/library/debian@sha256:9b0e3056b8cd8630271825665a0613cc27829d6a24906dc0122b3b4834312f7d,mcr.microsoft.com/cbl-mariner/base/core@sha256:c1bc83a3d385eccbb2f7f7da43a726c697e22a996f693a407c35ac7b4387cd59,docker.io/library/alpine@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870"
-          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff
+          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
 
       - name: Upload output folder
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
diff --git a/.github/workflows/snapshot-verify.yml b/.github/workflows/snapshot-verify.yml
@@ -90,7 +90,7 @@ jobs:
         run:
           dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
           --DockerImagesToScan "docker.io/library/debian@sha256:9b0e3056b8cd8630271825665a0613cc27829d6a24906dc0122b3b4834312f7d,mcr.microsoft.com/cbl-mariner/base/core@sha256:c1bc83a3d385eccbb2f7f7da43a726c697e22a996f693a407c35ac7b4387cd59,docker.io/library/alpine@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870"
-          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --MaxDetectionThreads 5
+          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --MaxDetectionThreads 5 --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
 
       - name: Run Verification Tests
         working-directory: test/Microsoft.ComponentDetection.VerificationTests
diff --git a/test/Microsoft.ComponentDetection.VerificationTests/resources/VerificationTest.ps1 b/test/Microsoft.ComponentDetection.VerificationTests/resources/VerificationTest.ps1
@@ -42,15 +42,17 @@ function main()
     dotnet run scan --SourceDirectory $verificationTestRepo --Output $output `
                     --DockerImagesToScan $dockerImagesToScan `
                     --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff,CondaLock=EnableIfDefaultOff,ConanLock=EnableIfDefaultOff `
-                    --MaxDetectionThreads 5 --DebugTelemetry
+                    --MaxDetectionThreads 5 --DebugTelemetry `
+                    --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
 
     Set-Location $CDRelease
     dotnet restore
     Set-Location ($CDRelease + "\src\Microsoft.ComponentDetection")
     dotnet run scan --SourceDirectory $verificationTestRepo --Output $releaseOutput `
                     --DockerImagesToScan $dockerImagesToScan `
                     --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff,CondaLock=EnableIfDefaultOff,ConanLock=EnableIfDefaultOff `
-                    --MaxDetectionThreads 5 --DebugTelemetry
+                    --MaxDetectionThreads 5 --DebugTelemetry `
+                    --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
 
     $env:GITHUB_OLD_ARTIFACTS_DIR = $releaseOutput
     $env:GITHUB_NEW_ARTIFACTS_DIR = $output
diff --git a/test/Microsoft.ComponentDetection.VerificationTests/resources/pip/requirements.txt b/test/Microsoft.ComponentDetection.VerificationTests/resources/pip/requirements.txt
@@ -1,36 +1,37 @@
-absl-py==0.10.0
+absl-py==2.2.2
 astunparse==1.6.3
-cachetools==4.1.1
-certifi==2020.6.20
-chardet==3.0.4
-configparser==5.0.0
-gast==0.3.3
-google-auth==1.21.3
-google-auth-oauthlib==0.4.1
+certifi==2025.1.31
+charset-normalizer==3.4.1
+flatbuffers==25.2.10
+gast==0.6.0
 google-pasta==0.2.0
-grpcio==1.32.0
-h5py==2.10.0
-idna==2.10
-importlib-metadata==2.0.0
-Keras-Preprocessing==1.1.2
-Markdown==3.2.2
-numpy==1.18.5
-oauthlib==3.1.0
-opt-einsum==3.3.0
-protobuf==3.13.0
-pyasn1==0.4.8
-pyasn1-modules==0.2.8
-requests==2.24.0
-requests-oauthlib==1.3.0
-rsa==4.6
-scipy==1.4.1
-six==1.15.0
-tensorboard==2.3.0
-tensorboard-plugin-wit==1.7.0
-tensorflow==2.3.0
-tensorflow-estimator==2.3.0
-termcolor==1.1.0
-urllib3==1.25.10
-Werkzeug==1.0.1
-wrapt==1.12.1
-zipp==3.2.0
+grpcio==1.71.0
+h5py==3.13.0
+idna==3.10
+keras==3.9.2
+libclang==18.1.1
+Markdown==3.7
+markdown-it-py==3.0.0
+MarkupSafe==3.0.2
+mdurl==0.1.2
+ml_dtypes==0.5.1
+namex==0.0.8
+numpy==2.1.3
+opt_einsum==3.4.0
+optree==0.14.1
+packaging==24.2
+protobuf==5.29.4
+Pygments==2.19.1
+requests==2.32.3
+rich==14.0.0
+setuptools==78.1.0
+six==1.17.0
+tensorboard==2.19.0
+tensorboard-data-server==0.7.2
+tensorflow==2.19.0
+termcolor==3.0.1
+typing_extensions==4.13.1
+urllib3==2.3.0
+Werkzeug==3.1.3
+wheel==0.45.1
+wrapt==1.17.2
