sonatype-nexus-community / jake

Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
https://jake.readthedocs.io/
Apache License 2.0

[BUG] Investigate vulns reported for Jake by IQ #36

Closed bhamail closed 4 years ago

bhamail commented 4 years ago

While troubleshooting the internal CI build that uses Lifecycle/IQ premium datasets to scan Jake, some vulns are detected. Need to investigate and resolve these.

Looks like it is implicating PIP, which Jake does not use.

@bhamail @DarthHater

bhamail commented 4 years ago

Jake does not use PIP itself. PIP comes along from python. Waived this vulnerability.