-
**Describe the bug**
I ran a DC scan against a NodeJS project with only a package.json file (without a lock file).
In the HTML report I see that the scanner recognized as dependencies only package.json and *.js fi…
-
#### Bug Report Checklist
- [x] Have you provided a full/minimal spec to reproduce the issue?
- [x] Have you validated the input using an OpenAPI validator ([example](https://apidevtools.org/swagg…
-
### Describe the bug
We have received a notification for a vulnerability in our project using `kubernetes-client:jar:6.9.2`. Details follow.
Vulnerabilities in: pkg:maven/com.squareup.okhttp3/logg…
-
Hi,
I'm trying to update an older project that has a lot of tightly coupled dependencies (lots of docker internals). I seem to be getting an error when trying to export the dependencies, but the pr…
-
It would be nice to have some sort of security scanning functionality in CI to try to catch any security problems.
## SCA / Dependency scanning
- Snyk? (sketchy PNPM support?)
- [OWASP Dependen…
-
Not all package managers have scopes, for example Python, whose `requirements.txt` is basically a flat list of dependencies. What if in https://github.com/heremaps/xyz-spaces-python/blob/master/requirem…
-
Hi there.
In trying to test your project, I came across an error. I'm using Xubuntu 16.04 and ROS Lunar. I can't use a ROS lower than Kinetic because that would require (X)Ubuntu 14.04 and that onl…
-
Hi.
We found that some dependencies are missing from the result of the syft scan. We have more than 400 jars that need to be scanned. For most of them the command mentioned below works as expect…
-
Currently, the packages from the current project (or the current module of a multi-module project) are scanned for endpoints only if there is no configuration for the exposed packages from dependencies (or ot…
-
The curation should add a flag `no_sources_available`, analogous to `is_metadata_only`, with analogous handling, e.g.
if `true`, no attempt is made to download or scan the package's source code.
Motivation:
1. Re…