owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
https://owasp.org/www-project-dep-scan/
MIT License

Use xz version of vdb which has better compression than nydus. #282

Closed prabhu closed 2 months ago

prabhu commented 6 months ago

Update vdb to fix pypi false positive. Fixes #281

prabhu commented 6 months ago

After years of waiting, I had finally made up my mind to use xz instead of gzip for depscan. Perhaps this PR can wait given the recent news. I will separate the bug fix for #281 into a new PR.