Fernando Rojo

Results 9 issues of Fernando Rojo

cargo.toml files can have specified features that can change the component set when building. Currently the CLI detector assumes all features are enabled, but we should implement some support to...

type:feature
detector:rust

Add in python_version dependency check when processing METADATA files

type:feature
detector:pip

If you have a file structure like this: ``` / - Path1/ - - go.mod - - go.sum - - ... - Path2/ - - go.mod - - go.sum -...

In the GoWithReplace detector, having a replace directive that points to an adjacent directory will error out with: System.ArgumentNullException: Property Version of component type Go is required (Parameter 'Version'), In...

Presently we are able to ignore scanning all files under a directory by passing in --IgnoreDirectories "path" or --DirectoryExclusionList "pathGlob". However, there is sometimes the need to only exempt specific...

If a lock file is generated that has multiple source entries under a single package, the poetry detector will hard fail: ``` Tomlyn.TomlException: (157,1) : error : The key `package.[3].source`...

Introduces the ability to use code files in source to set config settings. As an MVP, supports a yaml file ComponentDetection.yml that can store a variables dictionary Ex ``` variables:...

Why? Many Linux distributions (debian/alpine/mariner) publish CVE data against source package names only, so this is required for users to CVE check against the output of component-detection. Note: Syft doesn't...