
Conversation

@Talgarr Talgarr (Contributor) commented Apr 17, 2025

This adds a feature to efficiently find workflows on all branches of a repository, to find possible pull_request_target event workflows, and then analyze them with poutine.
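The approach described above, as an added example that is not part of the PR or of poutine's code base: every branch of a repository is a reachable base branch for a pull request, and a workflow that triggers on pull_request_target runs from the base branch with the repository's write token and secrets, so a stale branch that still carries such a workflow (especially one that checks out the PR head) matters even when main is clean. The script below enumerates workflow files on every branch with plain git plumbing, collapses identical files by blob SHA so each distinct workflow is read and checked once, and then flags the unique blobs whose trigger block names pull_request_target. It does not reproduce the PR's FetchCone, BlobMatches or GetUniqWorkflowsBranches methods; those names are poutine's own. The repository it scans is a constructed fixture (branches main, stale-a and stale-b are assumptions for the demo), the grep-based trigger check is a deliberate approximation of a YAML-aware analysis, and in a blobless partial clone (`git clone --filter=blob:none`) the `git cat-file` step would lazily fetch only the unique blobs, which is where the efficiency of deduplicating by blob comes from.

```shell
#!/bin/sh
# Added example, not poutine's code: enumerate every workflow file on every
# branch of a repository, deduplicate by blob SHA, and report which unique
# blobs declare a pull_request_target trigger. Plain git plumbing only; the
# repository is constructed inline so the script runs offline.
set -eu

# Build a throwaway repository (constructed fixture). main carries a workflow
# triggered by pull_request; stale-a and stale-b carry an identical, older
# workflow triggered by pull_request_target that checks out the PR head.
make_fixture_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" symbolic-ref HEAD refs/heads/main
  git -C "$repo" config user.name fixture
  git -C "$repo" config user.email fixture@example.invalid
  git -C "$repo" config commit.gpgsign false
  mkdir -p "$repo/.github/workflows"
  cat > "$repo/.github/workflows/ci.yml" <<'EOF'
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test
EOF
  git -C "$repo" add -A
  git -C "$repo" commit -qm "ci on main"
  git -C "$repo" checkout -q -b stale-a
  cat > "$repo/.github/workflows/ci.yml" <<'EOF'
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
EOF
  git -C "$repo" add -A
  git -C "$repo" commit -qm "old pull_request_target ci"
  git -C "$repo" branch -q stale-b stale-a
  git -C "$repo" checkout -q main
  printf '%s\n' "$repo"
}

# One line per workflow file per branch: "<blob sha>\t<branch>\t<path>".
# A real scan would fetch first and walk refs/remotes/origin/* instead.
list_workflow_blobs() {
  git -C "$1" for-each-ref --format='%(refname:short)' refs/heads/ |
    while read -r branch; do
      git -C "$1" ls-tree -r "$branch" -- .github/workflows |
        awk -v b="$branch" '$2 == "blob" { print $3 "\t" b "\t" $4 }'
    done
}

# Collapse identical blobs: the same content on N branches is one blob, so it
# is read and analysed once; the branches sharing it are kept as a comma list.
unique_workflow_blobs() {
  list_workflow_blobs "$1" | awk -F'\t' '
    !($1 in branches) { order[++n] = $1; branches[$1] = $2; next }
    { branches[$1] = branches[$1] "," $2 }
    END { for (i = 1; i <= n; i++) print order[i] "\t" branches[order[i]] }'
}

# Read each unique blob once and flag it if a non-comment line names the
# pull_request_target event. This grep is an approximation of a YAML-aware
# check; it accepts the scalar, list and map spellings of the trigger.
find_pull_request_target_blobs() {
  tab=$(printf '\t')
  unique_workflow_blobs "$1" |
    while IFS="$tab" read -r sha branches; do
      if git -C "$1" cat-file -p "$sha" |
           grep -Ev '^[[:space:]]*#' |
           grep -Eq '(^|[^[:alnum:]_])pull_request_target([^[:alnum:]_]|$)'; then
        printf '%s\t%s\n' "$sha" "$branches"
      fi
    done
}

repo=$(make_fixture_repo)
echo "unique workflow blobs (sha, branches):"
unique_workflow_blobs "$repo"
echo "blobs with pull_request_target (sha, branches):"
find_pull_request_target_blobs "$repo"
rm -rf "$repo"
```

On the fixture this lists three workflow files but only two unique blobs, and exactly one of them (shared by stale-a and stale-b) is flagged; main's workflow, which triggers on pull_request, is not. The blob SHA is the natural key for carrying a finding back to every branch that contains the same file.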

@Copilot Copilot AI left a comment

Pull Request Overview

This PR implements a new feature to scan repositories for stale branches by analyzing workflows across branches using the poutine analysis tool. Key changes include:

  • Refactoring of the ScanPackage function in the inventory package to separate scanner initialization.
  • Addition of new methods in the GitClient interface (e.g., FetchCone, BlobMatches, GetUniqWorkflowsBranches) for handling workflow retrieval on remote branches.
  • Updates to formatters (SARIF, Pretty, JSON) to support path associations and integration with branch workflows, along with enhancements in the analyze package for stale branch analysis.

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| scanner/inventory.go | Renamed ScanPackage to ScanPackageScanner and added a wrapper. |
| results/results.go | Added a new field "Blobsha" to FindingMeta. |
| providers/gitops/gitops_test.go | Updated tests for GitClient functionalities with new regex cases. |
| providers/gitops/gitops.go | Introduced FetchCone and updated branch workflow lookup methods. |
| models/branch_info.go | Added a new BranchInfo model. |
| formatters/sarif/sarif.go | Added a stub for FormatWithPath. |
| formatters/pretty/pretty.go | Extended FormatWithPath to render a summary table with branch info. |
| formatters/json/json.go | Extended FormatWithPath to include path associations in the output. |
| cmd/analyzeRepoStaleBranches.go | Added a new Cobra command to analyze stale branches in a repository. |
| analyze/analyze.go | Updated the analysis flow to integrate cone fetching, workflow matching, and formatting with branch paths. |

Comments suppressed due to low confidence (3)

results/results.go:25

  • [nitpick] Consider renaming 'Blobsha' to 'BlobSHA' to follow common acronym casing conventions.
Blobsha       string   `json:"blobsha,omitempty"`

providers/gitops/gitops.go:206

  • [nitpick] Consider renaming the iteration variable (e.g. to 'branchList') to avoid shadowing and improve clarity.
for _, branches := range branches {

formatters/pretty/pretty.go:76

  • Ensure that the 'tablewriter' package is imported, as it is used in printFindingsPerWorkflow but the diff does not include its import.
table := tablewriter.NewWriter(out)

Co-authored-by: Copilot <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
@Talgarr Talgarr marked this pull request as ready for review April 18, 2025 15:28
@Talgarr Talgarr requested a review from a team as a code owner April 18, 2025 15:28
@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds a "stale branch scan" feature to efficiently analyze workflows on all branches of a repository by integrating a new scan process with poutine. Key changes include adjustments to the inventory scanning API, updates to Git operations (including new methods for fetching a cone and matching blobs), and extended formatting and CLI support for the new analysis mode.

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| scanner/inventory.go | Updated scanning functions to incorporate a new InventoryScanner. |
| results/results.go | Added a new field (Blobsha) in the FindingMeta structure. |
| providers/gitops/gitops_test.go | Extended tests to cover blob matching and unique workflow branch retrieval (note minor typos). |
| providers/gitops/gitops.go | Added methods (FetchCone, BlobMatches, GetUniqWorkflowsBranches) for enhanced Git operations. |
| models/branch_info.go | Introduced a new data structure (BranchInfo) for workflow associations. |
| formatters/sarif/sarif.go | Added a stub for FormatWithPath. |
| formatters/pretty/pretty.go | Implemented a new FormatWithPath function for pretty output. |
| formatters/json/json.go | Added a FormatWithPath function that enriches output with blobsha paths. |
| cmd/analyzeRepoStaleBranches.go | Introduced a new CLI command to analyze stale branches. |
| analyze/analyze.go | Extended analysis flow for stale branches and cone fetching integration. |

Talgarr and others added 4 commits April 18, 2025 11:31
Co-authored-by: Copilot <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: Copilot <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: Copilot <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
@fproulx-boostsecurity fproulx-boostsecurity (Contributor) left a comment

LGTM, nitpicking better CLI help / descriptions


Talgarr and others added 4 commits April 18, 2025 11:53
Co-authored-by: François Proulx <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: François Proulx <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: François Proulx <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: François Proulx <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
@fproulx-boostsecurity fproulx-boostsecurity merged commit 57eb93e into boostsecurityio:main Apr 18, 2025
6 checks passed
2 participants