Kunal Singh
I was able to reproduce the issue: it seems the issue is occurring when we don't explicitly specify the `version` of the dependency. For this `pom.xml` (no version for `junit-jupiter-api`) >...
OK @siewer, thanks. We need to fetch the appropriate version as served by Maven. We will fix this ASAP.
@siewer we have fixed the issue in version `1.10.4`. Can you give it a try?
cc @abhisek
I think this is similar to what the current `vet-action` is doing for PRs? And we can check changed files using local `git` commands. @OmkarPh @abhisek
@OmkarPh it does not fail, but shows no results in the GitLab UI.
@OmkarPh makes sense. The current GitLab report is generated using `--report-gitlab`, so how about `--report-gitlab-cdx`?
@saurabhraghuvanshii go ahead and try; this is a new policy which will require a bit of research. Happy to help when required.
Resources to work on this issue:
- OSV-SCALIBR: https://github.com/google/osv-scalibr
- https://google.github.io/osv-scanner/experimental/guided-remediation/
@abhisek should we close this issue, as the documentation for the agent is there at https://github.com/safedep/vet/blob/main/docs/agent.md?