SeldonIO / seldon-core

An MLOps framework to package, deploy, monitor and manage thousands of production machine learning models
https://www.seldon.io/tech/products/core/

SNYK only flags vulnerabilities from 1st level dependencies in Golang #2276

Closed axsaucedo closed 2 years ago

axsaucedo commented 4 years ago

Submitted an issue in https://github.com/snyk/snyk/issues/1330 that raises the limitation of Snyk with go.mod where the CLI only checks for 1st level dependencies, and does not flag 2nd-level+ dependencies.

axsaucedo commented 4 years ago

Added another issue in the golang repo for snyk https://github.com/snyk/snyk-go-plugin/issues/75