-
Tracking issue for:
- [ ] https://github.com/2lambda123/garden-io-garden/security/code-scanning/203
-
Tracking issue for:
- [ ] https://github.com/2lambda123/garden-io-garden/security/code-scanning/204
-
## Short Description
Detect licenses of dependencies too.
## Possible Labels
[dependencies](https://github.com/nexB/scancode-toolkit/labels/dependencies)
[improve-license-detection](http…
-
Hey osv team, I've been running into some issues with scanning `pom.xml` files which have a `` tag:
osv-scanner v1.7.3 and latest (v1.9.0) are unable to scan this repository: https://github.com/javae…
-
In order to ensure the framework is using libraries that do not contain vulnerabilities, it would help to have the framework scanned automatically.
Due to the non-standard nature of dependency han…
-
Currently we only show vulnerabilities for transitive dependencies but not the path by which we depend on the vulnerable dependency. Considering the lack of a lockfile for these ecosystems, it will be helpful…
-
After installing the latest release of this plugin, the `npx cap update` command results in error during the pod install phase, see the following output:
```bash
$ npx cap update …
```
-
Hi,
I am evaluating at the moment how I can create SBOMs out of an APK and upload them to dependency-track to check for known vulnerabilities. I tried blint today.
I've got a simple Android app…
-
I pull the cache data (JSON):
ls **~/java/target/docs**:
......
nvdcve-1.1-2024.json.gz
.....
staff 376K 10 24 16:01 nvdcve-1.1-recent.json.gz
staff 162B 10 24 16:01 nv…
-
Is there any way to ignore transitive dependencies in the SBOM scan and include direct dependencies only?
In SPDX there is a way to ignore the transitive dependencies in plugin configuration. is ther…