Dotan Agmon

9 comments by Dotan Agmon

Maybe [deps.dev](https://deps.dev/) can be used here. @oliverchang

Hi, When is this feature expected to be released (i.e. included in `ghcr.io/google/osv-scanner:latest`)?

> That certainly sounds doable. Sounds like what we'd like here is some output that indicates the vulnerable dependency chain that led to a finding (including function level info if...

Thanks @oliverchang. Yesterday I already started exploring deps.dev as well. As for my use case (and it connects to the remediation efforts as well): Currently, OSV-Scanner scans lock files (e.g....

Hi, Is there any update on this issue? Thanks!

Thank you, @oliverchang. Can this feature (returning the dependency chain(s) that leads to a vulnerable package) be released as soon as it is ready, even before the full remediation feature?

Thanks, @G-Rath. If, as already mentioned in #57, one of the future directions is adding remediation capabilities, then adding the line numbers can help. Ideally, I'd want to get the...

Hi @oliverchang, Will the remediation feature include a command that automatically updates the manifest file and the lock file (like `npm audit fix`), or will it only have the guidelines...

Hi @oliverchang, I have another question here. Will I be able to remediate only a single vulnerability at a time? For example, let's say I have several issues in my...