actions/dependency-review-action: A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs (MIT License)
Issue #746 (Open): Conflict between vulnerabilities in scorecard vs check

james-smith-uk commented 5 months ago:
When analysing spacy@3.7.4 the OpenSSF scorecard result returns 21 existing vulnerabilities including critical vulnerabilities.
The action summary, however, states: "Dependency review did not detect any vulnerable packages with severity level "low" or higher."