boostsecurityio · Franck-Boost · Jun 23, 2025 · Jun 23, 2025 · Jun 23, 2025 · Jun 23, 2025
diff --git a/scanners/boostsecurityio/boost-sca/module.yaml b/scanners/boostsecurityio/boost-sca/module.yaml
@@ -52,6 +52,10 @@ config:
     - Manifest.toml
 
 setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.61.0
@@ -94,6 +98,7 @@ setup:
       chmod +x trivy
 
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/trivy
   - scan:
       command:
         environment:

diff --git a/scanners/boostsecurityio/bundler-audit/module.yaml b/scanners/boostsecurityio/bundler-audit/module.yaml
@@ -7,6 +7,11 @@ namespace: boostsecurityio/bundler-audit
 scan_types:
   - sca
 
+setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/bundler-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/bundler
 
 config:
   support_diff_scan: true
@@ -15,6 +20,7 @@ config:
     - ${GEMFILE_LOCK:-Gemfile.lock}
 
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/bundler
   - scan:
       command:
         docker:

diff --git a/scanners/boostsecurityio/bundler-audit/prescan_checks.sh b/scanners/boostsecurityio/bundler-audit/prescan_checks.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+GEMFILE_LOCK=${GEMFILE_LOCK:-Gemfile.lock}
+if [ "$(ls | grep "$GEMFILE_LOCK" | wc -l)" != "0" ]
+then
+    exit 0
+fi
+
+>&2 echo "Scan misconfiguration: Bundler audit require a $GEMFILE_LOCK file which is missing."
+exit 1 
diff --git a/scanners/boostsecurityio/gosec/module.yaml b/scanners/boostsecurityio/gosec/module.yaml
@@ -12,7 +12,14 @@ config:
   require_full_repo: true
   support_diff_scan: true
 
+setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/gosec/prescan_checks.sh $SETUP_PATH/pre-scan-checks/gosec
+
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/gosec
   - scan:
       command:
         docker:

diff --git a/scanners/boostsecurityio/gosec/prescan_checks.sh b/scanners/boostsecurityio/gosec/prescan_checks.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+if [ "$(find . -name "*.go" | wc -l)" != "0" ]
+then
+    exit 0
+fi
+>&2 echo "Scan misconfiguration: Gosec only work for repositories with go code."
+exit 1 
diff --git a/scanners/boostsecurityio/npm-audit/module.yaml b/scanners/boostsecurityio/npm-audit/module.yaml
@@ -12,7 +12,14 @@ config:
   include_files:
     - package-lock.json
 
+setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/npm-audit/prescan_checks.sh $SETUP_PATH/pre-scan-checks/npm-audit
+
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/npm-audit
   - scan:
       command:
         docker:

diff --git a/scanners/boostsecurityio/npm-audit/prescan_checks.sh b/scanners/boostsecurityio/npm-audit/prescan_checks.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ "$(ls | grep "package-lock.json" | wc -l)" != "0" ]
+then
+    exit 0
+fi
+
+>&2 echo "Scan misconfiguration: NPM audit require a package-lock.json file which is missing."
+exit 1 
diff --git a/scanners/boostsecurityio/osv-scanner/filelist.txt b/scanners/boostsecurityio/osv-scanner/filelist.txt
@@ -0,0 +1,26 @@
+conan.lock
+pubspec.lock
+mix.lock
+go.mod
+cabal.project.freeze
+stack.yaml.lock
+buildscript-gradle.lockfile
+gradle.lockfile
+verification-metadata.xml
+pom.xml
+package-lock.json
+pnpm-lock.yaml
+yarn.lock
+deps.json
+packages.config
+packages.lock.json
+composer.lock
+Pipfile.lock
+poetry.lock
+requirements.txt
+pdm.lock
+uv.lock
+renv.lock
+Gemfile.lock
+Cargo.lock
+osv-scanner.json
diff --git a/scanners/boostsecurityio/osv-scanner/module.yaml b/scanners/boostsecurityio/osv-scanner/module.yaml
@@ -52,7 +52,14 @@ config:
     # Custom lockfile http://google.github.io/osv-scanner/supported-languages-and-lockfiles/#custom-lockfiles
     - osv-scanner.json
 
+setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/osv-scanner/prescan_checks.sh $SETUP_PATH/pre-scan-checks/osv-scanner
+
 steps:
+- run: $SETUP_PATH/pre-scan-checks/osv-scanner
 - scan:
     command:
       docker:

diff --git a/scanners/boostsecurityio/osv-scanner/prescan_checks.sh b/scanners/boostsecurityio/osv-scanner/prescan_checks.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while IFS= read -r line; do
+    if [ "$(find . -name "$line" | wc -l)" != "0" ]
+    then
+        exit 0
+    fi
+done < $SETUP_PATH/../../registry/scanners/boostsecurityio/osv-scanner/filelist.txt
+>&2 echo "Scan misconfiguration:"
+>&2 echo "  OSV-Scanner scan did not run because no supported files were detected"
+>&2 echo "  See documentation list of supported file types: https://google.github.io/osv-scanner/supported-languages-and-lockfiles/"
+
+exit 1
diff --git a/scanners/boostsecurityio/trivy-fs/filelist.txt b/scanners/boostsecurityio/trivy-fs/filelist.txt
@@ -0,0 +1,26 @@
+conan.lock
+pubspec.lock
+*.deps.json
+packages.config
+*Packages.props
+packages.lock.json
+mix.lock
+go.mod
+*gradle.lockfile
+pom.xml
+*.sbt.lock
+package-lock.json
+yarn.lock
+pnpm-lock.yaml
+composer.lock
+installed.json
+Pipfile.lock
+requirements.txt
+poetry.lock
+uv.lock
+Gemfile.lock
+.gemspec
+Cargo.lock
+Package.resolved
+Podfile.lock
+Manifest.toml
diff --git a/scanners/boostsecurityio/trivy-fs/module.yaml b/scanners/boostsecurityio/trivy-fs/module.yaml
@@ -51,6 +51,10 @@ config:
     - Manifest.toml
 
 setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.61.0
@@ -93,6 +97,7 @@ setup:
       chmod +x trivy
 
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/trivy
   - scan:
       command:
         environment:

diff --git a/scanners/boostsecurityio/trivy-fs/prescan_checks.sh b/scanners/boostsecurityio/trivy-fs/prescan_checks.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+while IFS= read -r line; do
+if [ "$(find . -name "$line" | wc -l)" != "0" ]
+then
+    exit 0
+fi
+done < $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/filelist.txt
+>&2 echo "Scan misconfiguration:"
+>&2 echo "  Trivy scan did not run because no supported files were detected"
+>&2 echo "  See documentation list of supported file types: https://trivy.dev/v0.61/docs/coverage/language/"
+exit 1
diff --git a/scanners/boostsecurityio/trivy-sbom/module.yaml b/scanners/boostsecurityio/trivy-sbom/module.yaml
@@ -50,6 +50,10 @@ config:
     - Manifest.toml
 
 setup:
+  - name: Utility scripts
+    run: |
+      mkdir -p $SETUP_PATH/pre-scan-checks/
+      cp $SETUP_PATH/../../registry/scanners/boostsecurityio/trivy-fs/prescan_checks.sh $SETUP_PATH/pre-scan-checks/trivy
   - name: download trivy
     environment:
       VERSION: 0.61.0
@@ -92,6 +96,7 @@ setup:
       chmod +x trivy
 
 steps:
+  - run: $SETUP_PATH/pre-scan-checks/trivy
   - scan:
       command:
         environment: