DJ Schleen

Results 31 comments of DJ Schleen

Hey @Shweta4398 ! Do you have an SBOM I can use for testing?

Also, if you could run with the `debug` flag and provide that output I'd appreciate it! I just downloaded the SPDX from the `Insights/Dependency Graph` menu in GitHub and it...

Thank you for sharing the SBOM. Will take a look.

Hey @Shweta4398 - turns out there are no vulnerabilities detected by either provider. Neither OSV nor OSSINDEX support the github or githubactions that are specified in the SBOM you were...

#88 Should address this @nhopkins19 - we can work together to implement if you'd like!

This one is interesting. Which providers are you using @ppeters0502 @ivanb-blip ? OSV is a bit strange with passing package versions, OSSINDEX should be tighter.

@ppeters0502 and @ivanb-blip I managed to run through this and the results that come back are expected. In your SBOMs you'll see that the reference locator does not contain a...

Ahhh yes... good catch @garethr. OSS Index has the same limitation with 127 so we iterate and step that in the provider.

Hey @garethr - I think I fixed this in my #183 PR... a bit maybe. I added some batch logic to the epss.go file, but really I need to get...