mcandre / toys

code demos for newbies
https://github.com/mcandre/toys

warn on improperly pinned dependencies #510

Open mcandre opened 1 month ago

mcandre commented 1 month ago

Dependency libraries imported into source code, but not pinned properly, create gaps in SCA reporting.

SCA and SAST tools should start warning for these situations.
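As an added illustration of the gap the issue describes (example code written for this page, not part of the mcandre/toys repository), the script below does the check an SCA or SAST tool could perform: it parses a requirements.txt-style manifest, classifies each entry as exactly pinned, loosely pinned or unpinned, walks the AST of a source file for its imports, and warns about anything imported that is undeclared or not pinned to an exact version. The manifest and source text are constructed samples; the `IMPORT_TO_DIST` alias table and the assumption that an import name otherwise equals its distribution name are simplifications a real tool would replace with package metadata.

```python
"""Warn on dependencies that are imported in source but not properly pinned.

Added example, not code from mcandre/toys. Assumptions: the manifest uses
requirements.txt syntax, and an import name equals its distribution name
unless IMPORT_TO_DIST says otherwise (real tools derive this from metadata).
"""
import ast
import re
import sys

# Constructed sample manifest: exact pin, loose ranges, bare name, and two
# VCS references (one on a branch, one on a full commit hash).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
flask>=2.0
pyyaml
cryptography~=41.0
git+https://example.invalid/org/lib.git@main#egg=somelib
git+https://example.invalid/org/other.git@0123456789abcdef0123456789abcdef01234567#egg=otherlib
"""

# Constructed sample source: one pinned import, one loose, one unpinned,
# one stdlib module, and one package that is not declared at all.
SAMPLE_SOURCE = """\
import os
import requests
import flask
from yaml import safe_load
import httpx
"""

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=|>|<)?\s*(\S*)")
VCS_LINE = re.compile(r"^\s*git\+\S+@([^#\s]+)(?:#egg=([A-Za-z0-9._-]+))?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Assumed import-name -> distribution-name aliases for the sample only.
IMPORT_TO_DIST = {"yaml": "pyyaml"}

# sys.stdlib_module_names exists on Python 3.10+; small fallback otherwise.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"os", "sys", "re", "ast"}))


def classify_requirement(line):
    """Return (name, status) with status 'pinned', 'loose' or 'unpinned', or None."""
    stripped = line.strip()
    if not stripped:
        return None
    vcs = VCS_LINE.match(stripped)
    if vcs:
        ref, egg = vcs.group(1), vcs.group(2) or stripped
        # A branch or tag name floats; only a full commit hash is a real pin.
        return (egg.lower(), "pinned" if SHA_RE.match(ref) else "loose")
    stripped = stripped.split("#", 1)[0].strip()  # drop trailing comments
    m = REQ_LINE.match(stripped)
    if not m:
        return None
    name, op, version = m.group(1).lower(), m.group(2), m.group(3)
    if op == "==" and version and "*" not in version:
        return (name, "pinned")
    if op:
        return (name, "loose")  # range, compatible-release or wildcard
    return (name, "unpinned")


def load_manifest(text):
    """Map normalised distribution name -> pin status for every manifest line."""
    manifest = {}
    for line in text.splitlines():
        entry = classify_requirement(line)
        if entry:
            manifest[entry[0]] = entry[1]
    return manifest


def imported_top_level_modules(source):
    """Collect top-level module names from absolute import statements via the AST."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])
    return names


def audit(source, requirements_text):
    """Return sorted warnings for imports that are undeclared or not exactly pinned."""
    manifest = load_manifest(requirements_text)
    warnings = []
    for mod in sorted(imported_top_level_modules(source)):
        if mod in STDLIB:
            continue
        dist = IMPORT_TO_DIST.get(mod, mod).lower()
        status = manifest.get(dist)
        if status is None:
            warnings.append(f"{mod}: imported but not declared in manifest (SCA blind spot)")
        elif status != "pinned":
            warnings.append(f"{mod}: declared as {dist} but {status} (resolves to a floating version)")
    return warnings


if __name__ == "__main__":
    for warning in audit(SAMPLE_SOURCE, SAMPLE_REQUIREMENTS):
        print("WARN", warning)
```

Run against the constructed samples it reports `flask` (loose range), `httpx` (never declared) and `yaml` (declared as bare `pyyaml`), while the exactly pinned `requests` and the stdlib `os` pass; the undeclared case is the one that leaves no manifest entry for an SCA scanner to match against at all.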