Gareth Jones

Results 223 issues of Gareth Jones

Cherry-pick of https://github.com/G-Rath/osv-detector/pull/182 --- This sets up a dedicated workflow for running the `semantic` test suite using the latest generated fixtures: - every Sunday - whenever a generator or the...

This adds a new "vertical" output format that is designed for humans and based on the output of `osv-detector`, which effectively aims to group the output relating to each entity...

This resolves an inconsistency in the scanner output for npm packages that appear in the same tree multiple times but in different groups; this happens because the table outputter deduplicates...

This adds support for parsing `gradle/verification-metadata.xml` files - since this seems to be like an actual lockfile it's very straightforward: we just parse the file as XML and extract out...

Currently `semantic` does not know how to compare versions for Alpine packages, which is required for local/offline mode - this blocks #769

enhancement

Currently the SARIF output includes a pseudo path to `osv-scanner.toml` which is always Unix based even on Windows: https://github.com/google/osv-scanner/blob/a2c1602cf10816b5ff81d9e03572ba11dbb15af1/internal/output/sarif.go#L85-L85 This should be addressed after #603

bug
backlog

Disclaimer: I'm not a docker superuser, especially when it comes to managing permissions and users between the host and containers, so it's very possible I'm doing something wrong. Doing a...

### Summary The general story behind this is outlined in #2153 - ultimately, this has Capistrano start to manage a `REVISION_TIME` file which holds a unix timestamp of when the...

### Summary I noticed these while gearing up to contribute 🙂 ### Short checklist - [x] Did you run `bundle exec rubocop -a` to fix linter issues? - [x] ~If...

## Summary This aims to reduce the occurrence of #10577 without solving it entirely by making what I believe to be the main source (#9496) opt-in (which we can do...