From 426841bb94b99ac96a66326e40b38b64492343d0 Mon Sep 17 00:00:00 2001
From: Rafi <refaei.shikho@hotmail.com>
Date: Tue, 17 Dec 2024 19:13:54 +0100
Subject: [PATCH] fixes post-commit hook material recording

Signed-off-by: Rafi <refaei.shikho@hotmail.com>
---
 cmd/devguard-scanner/commands/intoto/intoto.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/devguard-scanner/commands/intoto/intoto.go b/cmd/devguard-scanner/commands/intoto/intoto.go
index 928a10a..c55cd0d 100644
--- a/cmd/devguard-scanner/commands/intoto/intoto.go
+++ b/cmd/devguard-scanner/commands/intoto/intoto.go
@@ -202,7 +202,8 @@ func newInTotoSetupCommand() *cobra.Command {
 				return err
 			}
 
-			commandString := fmt.Sprintf(`devguard-scanner intoto run --step=post-commit --apiUrl="%s" --assetName="%s"`, apiUrl, assetName)
+			// use empty materials string to avoid default "." which would result in duplicate materials and products
+			commandString := fmt.Sprintf(`devguard-scanner intoto run --materials="" --step=post-commit --apiUrl="%s" --assetName="%s"`, apiUrl, assetName)
 
 			// check if a git post-commit hook exists
 			if _, err := os.Stat(".git/hooks/post-commit"); os.IsNotExist(err) {