
PNPM analyses

Open ivanmjartan opened this issue 1 year ago • 2 comments

Hello guys, I am trying to run a fossa scan on our public repository, and I am performing the scan only on top of the pnpm-lock.yaml file. We are using RUSH as our monorepo tool.

So I have a setting in my repo's .fossa.yml.

The problem is that part of my monorepo is also a tooling library, and the tooling dependency occurred in the attribution file.

Is there a way to exclude some packages from the scan if I am performing the scan only on top of the pnpm lock file?

For example, in my lock file there is this tool package: https://github.com/gooddata/gooddata-ui-sdk/blob/master/common/config/rush/pnpm-lock.yaml#L5893C3-L5893C22

How can I set it in .fossa.yml?

This part of the code is not working, and the scan still contains all deps from pnpm-lock.yaml:

version: 3
project:
  id: gooddata-ui-sdk

telemetry:
  scope: 'off'

targets:
  only:
    - type: pnpm
      path: common/config/rush
  exclude:
    - type: bundler
      path: ../../tools/applink # or tools/applink etc ...

Thanks very much for any hints.

ivanmjartan, Mar 06 '24 08:03

Thank you @ivanmjartan for creating this issue. If this is in regards to a defect, product question or feature request: you should use our support portal at https://support.fossa.com to file a request, as you would receive more immediate support.

github-actions[bot], Mar 06 '24 08:03