component-detection icon indicating copy to clipboard operation
component-detection copied to clipboard
verified publisher icon microsoft

Allow internal artifact feed configuration in pip detector

Open annaowens opened this issue 3 years ago • 1 comments

Today, the Pip detector automatically pulls from PyPI for latest version + dependency tree.

https://github.com/microsoft/component-detection/blob/cf622c795006400d2644fc176e5e524032f043c1/docs/detectors/pip.md?plain=1#L25

We should use users' internal feeds, if configured, rather than making HTTP calls to PyPI by default.

annaowens avatar Jan 30 '23 18:01 annaowens

#1129 now has support in experimental detection to handle this using the PIP_INDEX_URL environment variable.

cobya avatar May 23 '24 16:05 cobya