bazeltools / bazel-deps

Generate bazel dependencies for maven artifacts
MIT License

Add command to generate a pom.xml to support Dependabot #307

Closed leanne-stripe closed 2 years ago

leanne-stripe commented 2 years ago

Apologies for the previously closed PR. First open source PR here 😄. I thought I was opening a PR in my forked repo and wasn't ready for reviews yet. But, thanks for the quick suggestion!

The reason for this PR is to allow for Dependabot scanning on JVM repositories that use Bazel. Dependabot is used to scan repositories for vulnerable dependencies. However, the tool only checks dependencies listed in pom.xml files. I have leveraged the existing custom Decoders to parse the dependencies.yaml file and added new methods to the DepModel to return dependencies in XML format.

Example:

bazel run //:parse -- generate-pom -d "$(pwd)"/dependencies.yaml -p "$(pwd)"/pom.xml --group-id com.mycompany.app --artifact-id my-app --version 1
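
Added example, not the PR's code or bazel-deps' own implementation: a Python sketch of the transformation the description above outlines, turning an already-parsed `dependencies` map into a minimal pom.xml that a dependency scanner can read. The function names, the sample data and the `modules` expansion rule are assumptions of this example; Scala artifact-name suffixes are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the `dependencies` section of a
# dependencies.yaml after YAML parsing (group -> artifact -> settings).
SAMPLE_DEPS = {
    "com.google.guava": {"guava": {"lang": "java", "version": "27.0-jre"}},
    "io.netty": {"netty": {"lang": "java", "version": "4.1.50.Final",
                           "modules": ["buffer", "codec"]}},
    "org.example": {"no-version": {"lang": "java"}},
}


def coordinates(deps):
    """Flatten the nested map into sorted (groupId, artifactId, version) tuples."""
    out = []
    for group, artifacts in deps.items():
        for artifact, cfg in artifacts.items():
            version = cfg.get("version")
            if not version:
                # No version means nothing to match against advisories;
                # skip the entry rather than guess one.
                continue
            # Assumption: each module expands to <artifact>-<module>, and an
            # empty module name refers to the bare artifact.
            for module in cfg.get("modules") or [""]:
                name = f"{artifact}-{module}" if module else artifact
                out.append((group, name, str(version)))
    return sorted(out)


def generate_pom(deps, group_id, artifact_id, version):
    """Return a minimal pom.xml string listing every versioned dependency."""
    project = ET.Element("project", xmlns="http://maven.apache.org/POM/4.0.0")
    ET.SubElement(project, "modelVersion").text = "4.0.0"
    ET.SubElement(project, "groupId").text = group_id
    ET.SubElement(project, "artifactId").text = artifact_id
    ET.SubElement(project, "version").text = str(version)
    deps_el = ET.SubElement(project, "dependencies")
    for g, a, v in coordinates(deps):
        dep = ET.SubElement(deps_el, "dependency")
        ET.SubElement(dep, "groupId").text = g
        ET.SubElement(dep, "artifactId").text = a
        ET.SubElement(dep, "version").text = v
    if hasattr(ET, "indent"):  # pretty-print where available (Python 3.9+)
        ET.indent(project)
    return ET.tostring(project, encoding="unicode")  # text is XML-escaped


if __name__ == "__main__":
    print(generate_pom(SAMPLE_DEPS, "com.mycompany.app", "my-app", "1"))
```

Entries without a version are dropped from the output, so any such dependency stays invisible to the scanner and needs to be tracked separately.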

johnynek commented 2 years ago

closed in favor of #308