[WebKit vendored code] osv-scanner fails to identify ANGLE and webrtc projects

[ddkilzer]

Summary:

osv-scanner fails to identify ANGLE and webrtc projects in the WebKit project while scanning for vendored code dependencies.

Steps to Reproduce:

1. Check out WebKit (at commit WebKit/WebKit@fda3885):

    git clone https://github.com/WebKit/WebKit.git WebKit.git

2. Run osv-scanner (at commit 85563d9):

    go run ./cmd/osv-scanner/main.go -r WebKit.git/Source/ThirdParty

Expected Results:

osv-scanner identifies ANGLE and webrtc as vendored code dependencies.

Actual Results:

osv-scanner fails to identify ANGLE and webrtc as vendored code dependencies.

Scanning dir WebKit.git/Source/ThirdParty
Scanning directory for vendored libs: WebKit.git/Source/ThirdParty
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/ANGLE
[...]
Scanning potential vendored dir: WebKit.git/Source/ThirdParty/libwebrtc
[...]
Scanning directory for vendored libs: WebKit.git/Source/ThirdParty/ANGLE/src/third_party
[...]
Scanning directory for vendored libs: WebKit.git/Source/ThirdParty/libwebrtc/Source/third_party
[...]

Notes:

Both ANGLE and libwebrtc folders have their own third-party subfolders with additional vendored code dependencies.

[oliverchang]

They're not indexed currently. We'll get these added.

[oliverchang]

Taking a closer look here, it looks like webrtc and ANGLE do not do release tags, which is blocking our current indexing mechanisms.

@andrewpollock FYI since this was a case that you mentioned.