Open riccardoporreca opened 10 months ago
SonarCloud Quality Gate failed.
0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell
No Coverage information
0.0% Duplication
@bhamail, @DarthHater I am keeping this as Draft without bothering about the failed tests, just to propose a possible quick (and dirty) approach. Happy to follow up in any direction you suggest.
Including qualifiers for Conda packages (build nr., channel, etc.) in the Package URL used to retrieve the vulnerability report from the OSS index causes no vulnerabilities to be detected. This can be seen as a way to mitigate sonatype-nexus-community/ossindex-python#19 on the OSS index side.
This pull request makes the following changes:
It relates to the following issue #145
cc @bhamail / @DarthHater
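
An added example, not code from this pull request or from the project: one way to drop the qualifiers from Conda Package URLs before using them as lookup keys, while keeping a map back to the full purls so findings can still be reported per build and channel. The function names and the sample purls are constructed for illustration, and it assumes the lookup matches on type, name and version only.

```python
from __future__ import annotations

from urllib.parse import unquote


def split_purl_qualifiers(purl: str) -> tuple[str, dict[str, str]]:
    """Return (purl without qualifiers/subpath, decoded qualifiers)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a Package URL: {purl!r}")
    # '#' and '?' must be percent-encoded inside name and version, so the
    # first raw occurrence marks the start of the subpath / qualifiers.
    base, _, _subpath = purl.partition("#")
    base, _, query = base.partition("?")
    qualifiers: dict[str, str] = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        if value:  # the purl spec drops qualifiers with empty values
            qualifiers[key.lower()] = unquote(value)
    return base, qualifiers


def build_query_map(purls: list[str]) -> dict[str, list[str]]:
    """Group full purls under the coordinates-only purl used for lookup.

    Several builds of one package version collapse into a single query,
    and every result can be attributed back to each original purl.
    """
    query_map: dict[str, list[str]] = {}
    for purl in purls:
        coordinates, _ = split_purl_qualifiers(purl)
        query_map.setdefault(coordinates, []).append(purl)
    return query_map


if __name__ == "__main__":
    # Constructed sample input: two builds of one package plus a bare purl.
    installed = [
        "pkg:conda/absl-py@0.4.1?build=py36h06a4308_0&channel=main",
        "pkg:conda/absl-py@0.4.1?build=py37_0&channel=conda-forge",
        "pkg:conda/numpy@1.19.2",
    ]
    for coordinates, originals in build_query_map(installed).items():
        print(coordinates, "<-", originals)
```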