SourceCode-AI / aura

Python source code auditing and static analysis on a large scale
GNU General Public License v3.0

Problem Generating Report for PyPI Package faiss #13

Open jspeed-meyers opened 2 years ago

jspeed-meyers commented 2 years ago

Describe the bug The HTML report for PyPI package faiss needs a bit more explanation. When there are no detections, it is probably worth providing the user a bit more information, something like "There were no detections."

To Reproduce docker run -ti --rm sourcecodeai/aura:dev scan pypi://faiss -f html > output.html

Expected behavior Expected a bit more information to provide context.

Additional context Additionally, faiss has a pre-built binary in it. You might consider adding a detection in Aura that alerts for pre-built binaries. A user might want to know about that.

Thanks for your help, @RootLUG.
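The pre-built-binary detection suggested above, written out as an added example (this is not Aura's code and not part of the issue thread). A wheel is a zip archive, so the check walks its members and flags anything that looks like a compiled artifact, by magic bytes first (an extension alone can be spoofed) and by native file suffix as a fallback. The sample wheel built in `build_sample_wheel()` is constructed for the demonstration and contains stub members carrying real Mach-O and PE headers; pass a real `.whl` path on the command line to scan it instead.

```python
"""Flag pre-built native binaries inside a Python wheel (added example)."""
import io
import sys
import zipfile

# Magic bytes of the native formats a wheel can legitimately carry.
MAGIC = {
    b"\x7fELF": "ELF (Linux shared object)",
    b"MZ": "PE/COFF (Windows DLL / .pyd)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (macOS)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (macOS)",
    b"\xca\xfe\xba\xbe": "Mach-O universal / fat binary",
}
NATIVE_SUFFIXES = (".so", ".pyd", ".dylib", ".dll")


def classify(name: str, head: bytes):
    """Return a description of the binary format if the first bytes of a
    member or its name indicate a compiled artifact, otherwise None."""
    for magic, desc in MAGIC.items():
        if head.startswith(magic):
            return desc
    # Suffix says native but the header is unknown: still worth flagging.
    if name.lower().endswith(NATIVE_SUFFIXES):
        return "native extension by name (unrecognised header)"
    return None


def find_native_binaries(wheel_bytes: bytes):
    """Scan a wheel given as bytes and return a list of
    (member_name, format_description) for every pre-built binary found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)  # enough for every magic value above
            desc = classify(info.filename, head)
            if desc:
                findings.append((info.filename, desc))
    return findings


def build_sample_wheel() -> bytes:
    """Constructed sample (not a real package): a minimal wheel-like zip with
    one pure-Python module and two stub 'compiled' members whose contents
    start with genuine Mach-O and PE magic bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/__init__.py", "from ._ext import *\n")
        zf.writestr("pkg/_ext.cpython-37m-darwin.so", b"\xcf\xfa\xed\xfe" + b"\0" * 64)
        zf.writestr("pkg/helper.pyd", b"MZ" + b"\0" * 64)
        zf.writestr("pkg/data.bin", b"\0\0\0\0")  # no magic, not a native suffix
        zf.writestr("pkg-1.0.dist-info/METADATA", "Name: pkg\nVersion: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python wheel_binaries.py [path/to/package.whl]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            wheel = f.read()
    else:
        wheel = build_sample_wheel()
    hits = find_native_binaries(wheel)
    if not hits:
        # Say so explicitly rather than emitting an empty report.
        print("There were no detections: no pre-built binaries found.")
    for name, desc in hits:
        print(f"{name}: {desc}")
```

The explicit "There were no detections" branch mirrors the reporting point raised in the issue: an empty result should be stated, not left as a blank report.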

RootLUG commented 2 years ago

Fully agreed, there should be more context when data is missing, informing the user, and maybe a suggestion to change CLI params as well? For example, in some cases it may not produce detections until verbose mode -v is turned on.

In this case it looks like a bug, as aura for some reason was not able to pick the right release file/wheel to scan. As a workaround I suggest downloading the wheel file and scanning it via aura as a file on disk, e.g. aura scan ~/Downloads/faiss-1.5.3-cp37-cp37m-macosx_10_13_x86_64.whl -v -f html > output.html.

I will look into both things: adding some more info for the user when data is missing, as well as why in this case it wasn't even able to download the archive. Thanks for the bug report.