Closed (cuixq closed 1 week ago)
Attention: Patch coverage is 66.66667% with 11 lines in your changes missing coverage. Please review.
Project coverage is 65.30%. Comparing base (ace9154) to head (5e603d7).
Files | Patch % | Lines |
---|---|---|
pkg/osvscanner/osvscanner.go | 70.96% | 6 Missing and 3 partials :warning: |
internal/resolution/datasource/maven_registry.go | 0.00% | 2 Missing :warning: |
sorry, after posting my review and seeing all my comments together it's very clear they're all just a single comment 😅:
comparing locally is different from comparing offline - only the latter requires the former; we should continue checking if we're offline, not if we're comparing locally
@another-rex @G-Rath PTAL - thanks!
I updated the fixtures with the example in the blog post.
https://github.com/google/osv-scanner/issues/35
In this PR, `MavenResolverExtractor` is invoked when scanning pom.xml to report vulnerabilities in transitive dependencies. However, the default Maven extractor is still being used with offline mode.