hyperledger / fabric-gateway

Go, Node and Java client API for Hyperledger Fabric v2.4+
https://hyperledger.github.io/fabric-gateway/
Apache License 2.0

Fix Node OSV-Scanner #607

Closed bestbeforetoday closed 1 year ago

bestbeforetoday commented 1 year ago

OSV-Scanner run against the package-lock.json could detect vulnerabilities in dev packages. Instead, generate a CycloneDX Software Bill of Materials (SBOM), excluding dev dependencies, and run OSV-Scanner against the SBOM.
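The workflow below is an added illustration of the approach described in the PR, not the repository's own workflow file. It assumes the Node client lives in a `node/` directory, that the repository is scanned with the `osv-scanner` CLI installed via `go install`, and that the `@cyclonedx/cyclonedx-npm` generator is run through `npx`; the `--omit dev` flag is what keeps devDependencies out of the SBOM, so the scan covers only the packages that ship to consumers of the library.

```yaml
# Added example: scan production dependencies only by scanning an SBOM
# instead of package-lock.json (which also lists devDependencies).
name: osv-scanner-node
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 18

      - uses: actions/setup-go@v5
        with:
          go-version: stable

      - name: Install OSV-Scanner
        run: go install github.com/google/osv-scanner/cmd/osv-scanner@v1

      - name: Generate CycloneDX SBOM without dev dependencies
        # Assumed location of the Node client package.
        working-directory: node
        run: |
          npm ci
          npx --yes @cyclonedx/cyclonedx-npm \
            --omit dev \
            --output-format JSON \
            --output-file sbom.json

      - name: Scan the SBOM with OSV-Scanner
        working-directory: node
        # A non-zero exit code from osv-scanner fails the job when a known
        # vulnerability is found in a production dependency.
        run: osv-scanner --sbom=sbom.json
```

The distinction matters for a client library: a finding in a test runner or linter affects only the build environment, whereas a finding in a production dependency is inherited by every application that depends on the published package, so the two should be triaged separately rather than reported as one undifferentiated list.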