-
## Problem
In the resulting `manifest.spdx.json` file created by SBOM Tool, the "relationships" are all defined as depending on SPDXRef-RootPackage instead of the proper subdependency.
## Context
…
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
Currently, `osv-scanner scan` does not activate any Maven profiles(?), and `osv-scanner fix` activates only profiles that are explicitly active by default.
For better profile support, we could:
- …
-
### Request Description
Hello,
I'm wondering how to add custom entries to the VDB database so that depscan will find these custom vulnerable dependencies when scanning.
I see that VDB5 uses jsondb…
-
### Which areas does this feature request relate to
- [ ] Create Plugin
- [ ] Sign Plugin
- [ ] Plugin E2E
- [ ] Plugin Meta Extractor
- [X] Documentation
### Problem
There is no documentation for …
-
-
**What would you like to be added**:
An CLI option to set `PackageSupplier` of root entry in the generated SPDX document.
**Why is this needed**:
We're currently doing it by `sed` executed after …
-
Create a ToDo Application using the STUDENT App Catalog group in C#
-
This issue was originally created at: 2007-09-12 13:50:52.
This issue was reported by: `liblit`.
liblit said at 2007-09-12 13:50:52
>TeX and LaTeX are so fiendishly complex that scanning for depend…
-
I have pandas installed
```
> pip list | grep pandas
pandas 2.2.0
```
but pipreqs is not able to detect it and tries to resolve it via PyPI. Why?
```sh
> pipreqs . --p…