Abhisek Datta
`vet` fails to parse `package-lock.json` v3 with error: `scan failed due to error: json: cannot unmarshal array into Go struct field npmPackageLockPackage.packages.license of type string`. This seems to...
`vet` currently uses `oapi-codegen` v1 to generate client code from OpenAPI specs. We need to update to `oapi-codegen` v2
SPDX SBOM scanning, such as the scanning used for GitHub Dependency Insight API output (SPDX SBOM data), results in incorrect package ecosystem detection. In this case, a Manifest type...
Exceptions management is currently implemented as a global package. This is bad because we can't use `vet` as a package and run concurrent scans. We need to refactor exceptions management...
# Problem

[Dependency Track](https://dependencytrack.org/) is a continuous SBOM management and analysis platform. For DT to be effective, it is important to continuously import SBOMs into DT. We want `vet` to...
## Problem

Our `proto3` spec management is poor and causes developer friction because we are not using any package manager to manage external proto files such as https://buf.build/

## Requirement...
## Problem

Any real-life application will depend on frameworks & other direct dependencies which in turn introduce multiple layers of transitive dependencies. The number of effective (direct & transitive) dependencies...
## Requirement

Generate an exportable software bill of materials (SBOM) in the [NTIA-approved data formats](https://www.ntia.doc.gov/sites/default/files/publications/sbom_minimum_elements_report_0.pdf) (i.e., SPDX, CycloneDX, and SWID tags)
> How do you know if a vulnerability in method-X in library-Y is actually reachable from your application and therefore has a real impact and not just another noise generated...