aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Python ZIP Application Support #4240

Open knqyf263 opened 1 year ago

knqyf263 commented 1 year ago

Description

Support Python zipapps as outlined in PEP 441

Discussion

https://github.com/aquasecurity/trivy/discussions/4239

knqyf263 commented 1 year ago

@BeyondEvil Here is the contribution guide. You need to implement a parser in go-dep-parser.

BeyondEvil commented 1 year ago

> @BeyondEvil Here is the contribution guide. You need to implement a parser in go-dep-parser.

This says:

"go-dep-parser is a library for parsing lock files such as package-lock.json and Gemfile.lock."

Is that outdated or incorrect?

knqyf263 commented 1 year ago

It is not incorrect, but not efficient. The library was expanded to parse packages like egg and wheel.