Keshav Priyadarshi

``` py ❯ python vulntotal/vulntotal_cli.py 'pkg:pypi/[email protected]' PURL: pkg:pypi/[email protected] Active DataSources: DEPS, GITHUB, GITLAB, OSS, OSV, SNYK, VULNERABLECODE +----------------+----------------+----------------+----------------+---------------+ | CVE | DATASOURCE | ALIASES | AFFECTED | FIXED | +================+================+================+================+===============+...

Now CLI also supports the listing of `supported ecosystems` ``` ❯ python vulntotal/vulntotal_cli.py --ecosystem Active DataSources: DEPS, GITHUB, GITLAB, OSS, OSV, SNYK, VULNERABLECODE Ecosystem supported by active datasources ALPINE ANDROID...

> @armijnhemel it's not a bug in Vulnerablecode, the version `1.11.3-r0` is not from pypi ecosystem but from apline ecosystem `pkg:alpine/[email protected]?arch=aarch64&distroversion=edge&reponame=main` vulntotal needs some sort of filtering to filter out...

> @keshav-space which branch of vulnerablecode are you using in your local checkout? if you use the latest branch you will only get purls of `pypi` ecosystem Okay, let me...

Addressed all the comments

> IMO it's better to register data sources by hand as done in vulnerablecode rather than this It's doing the exact same thing. Just one less thing to worry about...

> @keshav-space is this because of > > https://github.com/nexB/scancode.io/blob/d6389b28841c4edf25075208eaf0708658650d06/scanpipe/pipes/fetch.py#L380 > > ? @pombredanne No. The problem is here in `fetch_http` https://github.com/nexB/scancode.io/blob/d6389b28841c4edf25075208eaf0708658650d06/scanpipe/pipes/fetch.py#L99

@tdruez Some of these URLs very inconsistent in their response time, for example if I try getting response https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.3.11.tar.gz it takes around ~20 seconds but if try to get the...

@tdruez yes, that should work.

@tdruez this is @pombredanne 's suggestion, and if I understood it correctly, the idea is that there are some files for which it would be nice to get the origin...