Jeffry Hesse
Jeffry Hesse
Welp, why not send in a list of hashes, if people want to do that! This allows someone to scan for situations where someone may have copied a downloaded file...
To help devs figure out how to remediate, it was suggested to add the: - list of deps that require the dep - the path to the dep This gives...
* **What are you trying to do?** In our user testing we have noticed that people usually just want to see the dependencies (and vulnerabilities) that are vulnerable, not an...
I do not think we totally need to do this and allow for someone to go very granular on this as we've provided a `verbose` flag, and by default log...
* **What are you trying to do?** Users could benefit from being able to specify the log directory, in case their CI/CD platforms lock down too much (maybe they can...
This is the start of the ability to get some hashes from a list of files, and then eventually submit these to IQ Server, for great fun and awesome times....
Simple issue, make sure that Bower scanning works with OSS Index and as well with IQ, likely with IQ we will need to create our own SBOM (which should be...
It would be cool to see this work for Nexus Repository Manager version 3. I can help out if needed, as well!
Hi there! This project is licensed GPLv3, which kinda makes things a bit odd for others looking to it for inspiration. Is there any potential to use Apache License or...
For IQ where we can identify files based on sha1, why not do that with stuff we find under paths in PATH? This can potentially identify items that were installed...