OpenSCA-cli

OpenSCA-cli copied to clipboard

[Bug] java-Gradle 编译方式 springboot项目, 使用io.spring.dependency-management插件导入springboot依赖时 无法扫描出依赖以及漏洞

2

## Title OpenSCA-cli无法检测出 java - Gradle编译方式 使用io.spring.dependency-management插件不明确标识版本号时无法扫描出依赖和漏洞 ## Description 使用OpenSCA-cli打包成docker镜像, 扫描java Gradle项目 镜像无Gradle编译环境, 使用build.gradle文件静态分析 ## build.gradle plugins { id 'java' id 'org.springframework.boot' version '3.2.3' id 'io.spring.dependency-management' version '1.1.4' } group...

hrc8

调整仅保留漏洞组件生效范围为跟漏洞相关的html和json格式，其他检测报告格式以及SBOM清单格式保留完整数据

yutons

cyberchen1995

## Title Aim for a clear and concise title that summarizes the specific issue. For instance: "OpenSCA-cli fails to detect dependencies in XYZ scenario" ## Description Provide a detailed description...

czz1233

luotianqi777

**Is your feature request related to a problem? Please describe.** JSON is ambiguous in terms of support for modern syntax, including comments, trailing commas in collections, and using non-object schema...

mcandre

**Is your feature request related to a problem? Please describe.** Please follow the zeroconf property of modern applications: Do not require manual configuration in order to perform basic functionality (SCA...

mcandre

**Is your feature request related to a problem? Please describe.** Please provide a console `out` option, so that users can simply read the results directly from stdout. **Describe the solution...

mcandre

## python依赖包解析，展示的版本号是：#typestubsnotpublishedseparately ansible-devel/test/sanity/code-smell/mypy.requirements.in/[cryptography:#typestubsnotpublishedseparately] ## Environment - OS: Linux - Version: centos7 - OpenSCA-cli version: OpenSCA-cli-3.0.8

zr000

Opensca 扫描时是否可以设置忽略特定路径

2

**Is your feature request related to a problem? Please describe.** 在使用 Opensca 扫描我们的项目时，它会包括 JarCollection 目录下的 soot-1.0.jar 文件。这个 JAR 文件是一个测试包，并不包含需要进行安全分析的源代码，因此不应被纳入扫描范围。 当前行为： 在扫描过程中，soot-1.0.jar 文件被包含在扫描结果中，且其路径出现在扫描输出中，例如： ```bash { "task_info": { "tool_version": "v3.0.7", "app_name": "TestCaseDroid",...

NiceAsiv