Open ddkilzer opened 4 months ago
Note that ANGLE
and webrtc
projects are covered by Issue #802.
I filed this to cover the many, smaller vendored projects in WebKit.
Also, the Notes section of Issue #801 mentions the two partial googletest
projects in the output above.
Summary:
osv-scanner
fails to identify multiple third-party projects in the WebKit project while scanning for vendored code dependencies.Steps to Reproduce:
osv-scanner
(at commit 85563d901bec48bbe8db1242f083c42d42353ace):Expected Results:
osv-scanner
identifies multiple third-party projects as vendored code dependencies.Actual Results:
osv-scanner
fails to identify multiple third-party projects as vendored code dependencies.I'm not sure if all of these are tracked by
osv-scanner
, but at least some of them are since they're fuzzed by oss-fuzz.Notes:
osv-scanner
ends on a parsing error: