owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
https://owasp.org/www-project-dep-scan/
MIT License

Feature: Adding insight in json report #352

Open Ali-Yazdani opened 2 months ago

Ali-Yazdani commented 2 months ago

Request Description

It would be great to include insights showing indirect dependencies in the .json report, similar to the insights currently available in both HTML and CLI output.

Additional Information

No response

prabhu commented 1 month ago

@Ali-Yazdani did you check the .vdr.json file? It must have the insights as a property.

Ali-Yazdani commented 1 month ago

@prabhu While I'm using depscan --bom bom.json --explain, there is just a bom.vdr.json file, which is not for that reason. The insights are not part of the depscan-bom.json file, which contains the results.

prabhu commented 1 month ago

VDR would also have the vulnerabilities. The jsonlines file is going away in v6, so best to not use that file.