-
As of today, I noticed [`cyclonedx-go/testdata`](https://github.com/CycloneDX/cyclonedx-go/tree/795ee183544e3f8376b984e911f00188f79e90d8/testdata) only provides `valid-*` sample test BOM files in XML …
-
**Describe the bug**
The Pinned Dependency check is reporting a false positive for Dockerfile entries with a build arg and multi-stage build.
**Reproduction steps**
Steps to reproduce the behavio…
-
Hey folks! I recently saw Matt Godbolt’s talk about what’s new in compiler explorer and wanted to try out the library feature.
Could you please add Go Protobuf (https://pkg.go.dev/google.golang.org…
-
Part of #1642
-
can you add the ability to set these?
-
## Expected Behavior
This project currently uses go 1.20 which is EOL and unsupported, see https://go.dev/doc/devel/release It also has security vulnerabilities which scanners such as Trivy repor…
-
it seems afero is not maintain anymore.
-
Vulnerable Library - golang.org/x/crypto-v0.0.0-20210322153248-0c34fe9e7dc2
Library home page: https://proxy.golang.org/golang.org/x/crypto/@v/v0.0.0-20210322153248-0c34fe9e7dc2.zip
Path to depende…
-
### What version of rules_go are you using?
`0.46.0`
### What version of gazelle are you using?
N/A, not using explicitly. Gazelle is an indirect dependency.
### What version of Bazel are …
-
### govulncheck version
Go: devel go1.23-9d33956503 Thu Jun 20 17:46:05 2024 +0000
Scanner: govulncheck@v1.1.2
DB: https://vuln.go.dev
DB updated: 2024-06-20 18:18:26 +0000 UTC
### Does this issu…