Abhisek Datta
This is not intended. Just that we are yet to complete the documentation for the same. The docs on submitting scan and creating report should be merged shortly. The docs...
@anantshri Thanks for opening this issue. We have #8 as a planned item to better handle these requirements.
@anantshri We will be grouping remediation advice by top level (direct) dependencies so that you can easily identify which top level dependency to upgrade to fix maximum number of issues,...
@UtkarshKher Thanks for the suggestion. It will take some work to do it because the internal data models for `vet` is specific to handling package dependencies and not general enough...
@jchauhan This is by design currently i.e. `setup.py` manifest parser is not selected automatically due to it being a generic python code file and can cause high false positive if...
@jchauhan Looks like not all PYSEC published vulnerabilities have a summary field in the OSV database which is our source ``` curl -d \ '{"package": {"name": "django", "ecosystem": "PyPI"}, "version":...
This is probably not required since we are supporting a separate `query` workflow
@jchauhan This is a research problem that we need to solve in a generic way for different ecosystems.
@madhuakula ^^
@oliverchang Can data from deps.dev be used to resolve transitive dependencies from direct dependencies identified from `pom.xml`? If so, no external tool/plugin will be required to get full list of...