search

aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
22.1k stars 2.18k forks source link

feat(.NET): mark some deps from `.deps.json` files as `Dev` #7079

Open DmitriyLewen opened 3 days ago

DmitriyLewen commented 3 days ago

Description

Dependencies without runtime, native, or runtimeTargets sections in target section don't used in runtime. To avoid confusion when skipping these dependencies - we will mark them as Dev and skip them by default (same as for the maven-invoker-plugin).

Read https://github.com/aquasecurity/trivy/discussions/4282#discussioncomment-8830365 and https://github.com/aquasecurity/trivy/pull/7039#discussion_r1657367758 for more details.

Discussed in https://github.com/aquasecurity/trivy/discussions/4282