dejacode icon indicating copy to clipboard operation
dejacode copied to clipboard

verified publisher icon aboutcode-org

Metadata

Automate open source license compliance and ensure software supply chain integrity

Results 136 dejacode issues
Sort by recently updated
recently updated
newest added

fedcode-next: Integration of new UI and data in DejaCode UI "CRAVEX" to expose sharing vulnerabilities triage efforts between users

It should be possible to contribute curations directly from the CRAVEX UI.

pombredanne avatar pombredanne

BUG: User in legal group and with staff status is effectively a superuser

**Describe the bug** Users that are assigned to the "Legal" group and have _Staff Status_ enable, currently posses the following permissions among others, as documented by the permission matrix: -...

rogu-beta avatar rogu-beta

bug
enhancement
design needed

Investigate OpenChain-Project/SBOM-sg-SEPIA

See https://github.com/OpenChain-Project/SBOM-sg-SEPIA by @HansMKern and team It will provide a mapping between SPDX and CycloneDX. Since we can already read/combine/merge and write back SPDX and CycloneDX here in DejaCode and...

pombredanne avatar pombredanne

Enhancement request: Support global, per product, and per package registry/proxy configuration for purl2url

9 comment

**Is your enhancement request related to a problem? Please describe.** Currently, DejaCode attempts to convert the PURL to a URL in order to submit a scan to ScanCode.io. Since PURLs...

robertguetzkow avatar robertguetzkow

enhancement
design needed

BUG: Maven packages not scanned when importing SBOM

**Describe the bug** It appears that importing an SBOM that contains a mix of npm and Maven packages only results in npm packages being scanned by ScanCode.io. It seems that...

rogu-beta avatar rogu-beta

bug
enhancement
design needed

RFC: Display and use SPDX licenses ids throughout

4 comment

As SBOMs start to get some adoption, we should consider using SPDX license identifiers for display and reporting throughout the AboutCode stack and demote our own license keys as secondary....

pombredanne avatar pombredanne

major

Enhancement request: Track product "lifecycle"

6 comment

It would be great to support lifecycle events at the product level. For instance, when I have a portfolio of products and product releases: - some products are end-of-life -...

pombredanne avatar pombredanne

enhancement
design needed

Enhancement request: Allow managing vulnerabilities in the product itself

**Is your enhancement request related to a problem? Please describe.** Products may have vulnerabilities in their own source code, not just in their dependencies. The Cyber Resilience Act mandates that...

rogu-beta avatar rogu-beta

enhancement
design needed

Enhancement request: in vulnerabilities, sort the package versions putting the ones with a non vulnerable version first

**Is your enhancement request related to a problem? Please describe.** I would like to see in vulnerabilities the package versions sorted with the ones with a non vulnerable "actionable" version...

pombredanne avatar pombredanne

enhancement
design needed

DOC: Public instance of PurlDB and Vulnerable Code - ToS and Data Privacy?

**What type of documentation would you like?** Details on integration of PurlDB and Vulnerable Code: https://dejacode.readthedocs.io/en/latest/application-settings.html **Documentation topic** When running DejaCode it by default connects to public instances of PurlDB...

rogu-beta avatar rogu-beta

documentation

Metadata

23
Stars
7
Forks
Watchers

Owner

verified publisher icon aboutcode-org

Metadata

Automate open source license compliance and ensure software supply chain integrity

Back