-
## Desired Behavior
Imagine you have some vendored dependencies (possibly in a directory marked `vendored_dirs`) which themselves have `dune-project` files and opam dependencies. It would be conv…
-
### Describe the bug
We have received a notification for a vulnerability in our project using `kubernetes-client:jar:6.9.2`. Details follow.
Vulnerabilities in: pkg:maven/com.squareup.okhttp3/logg…
-
### Description of the bug
When I use my custom reference, an error always shows: This path is not available within annotation-cache. Please check https://annotation-cache.github.io/ to create a request …
-
Hi,
I'm trying to update an older project that has a lot of tightly coupled dependencies (lots of docker internals). I seem to be getting an error when trying to export the dependencies, but the pr…
-
I'm trying to build one of my z80pack VMs for the RISC-V instead of the ARM cores. Looks like FatFs is not prepared for this yet?
Scanning dependencies of target picosim
[ 10%] Building C object …
-
It would be nice to have some sort of security scanning functionality in CI to try to catch any security problems.
## SCA / Dependency scanning
- Snyk? (sketchy PNPM support?)
- [OWASP Dependen…
-
Hi.
We found that some dependencies are missing in the result of a syft scan. We have more than 400 jars which we need to be scanned. For most of them the command mentioned below works as expect…
-
**Describe the bug**
I run a DC scan against a NodeJS project with only a package.json file (without lock).
In the HTML report I see that the scanner recognized as dependencies only package.json and *.js fi…
-
Not all package managers have scopes such as Python where its `requirements.txt` is basically a flat list of dependencies. What if in https://github.com/heremaps/xyz-spaces-python/blob/master/requirem…
-
The curation should add a flag `no_sources_available` analogous to `is_metadata_only` with analogous handling, e.g.
if `true`, no attempt is made to download or scan the package's source code.
Motivation:
1. Re…