-
Original Post in PGV: bufbuild/protoc-gen-validate#480
**Feature description:**
Extend the capabilities of the `protovalidate` library to include support for performing runtime validation of Proto…
-
**Describe the bug**
I am pointing dependencyCheck to a package.json, for which there exists a pnpm-lock.yaml. However I get the warning: [WARN] No lock file exists - this will result in false negati…
-
Not all package managers have scopes such as Python where its `requirements.txt` is basically a flat list of dependencies. What if in https://github.com/heremaps/xyz-spaces-python/blob/master/requirem…
-
Now that we have switched to wheels for packages, our current distribution model reaches its limits as it doesn't allow,
- having multiple available versions of a package for a given Python/Emscript…
-
**Describe the bug**
DependencyCheck is looking for files outside of scan directory when bcrypt is one of the npm packages.
**Version of dependency-check used**
`Dependency-Check Core version 6.0…
-
How to set up docker image to authenticate with private maven repository?
-
**Describe the bug**
The depencendy-check flags the wrong packages with the wrong identifiers :
Identified : **pkg:javascript/lodash@3.0.3**
Flaged : **pkg:javascript/lodash.isboolean@3.0.3**
Id…
-
Hi,
I installed the latest Opemsemanticsearch Version as deb-Package in my Ubuntu 22 LTS Hyper-V machine. I'd like to use OSS for our about 1700 docx documentations of non standard Feature of our Sof…
-
I am (still) trying to understand the inner workings of this great project better.
Which data source tells dependency-check that Nimbus 9.37.2 is not affected by CVE-2023-52428?
The NIST/MITRE e…
-
**Describe the bug**
DependencyChecker gets stuck after "[INFO] Finished Jar Analyzer (1 seconds)", i.e., during running the Central Analyzer, in multiple pipelines. During past 2-3 days, pipeline bu…