almaz045
**Describe the solution you'd like** *generic-api-key* doesn't find secrets that do not contain digits because it makes this check: https://github.com/gitleaks/gitleaks/blob/f0dcd4d9cfe9e9f3e588acb1fd0aaad2e4328ea8/detect/detect.go#L347-L350 But there is a comment there that says "this should be replaced with stop...
### Request Description 1. As far as I know, at the moment depscan can generate reports only in HTML and JSON, but this JSON is not complete and doesn't have all the information that...
### PURL of wrongly matched component pkg:pypi/[email protected] ### Depscan findings P.S. the latest version of pypi/gitlab is 1.0.2 (https://pypi.org/project/gitlab/1.0.2/#history). But depscan thinks that this pypi package == gitlab version, but...
### PURL of wrongly matched component [stats-github.ods](https://github.com/owasp-dep-scan/dep-scan/files/14874571/stats-github.ods) [depscan-bom.json](https://github.com/owasp-dep-scan/dep-scan/files/14874576/depscan-bom.json) [sbom-source-syft(1).json](https://github.com/owasp-dep-scan/dep-scan/files/14874577/sbom-source-syft.1.json) ### Depscan findings Of course, the method for determining FN may not be correct enough, since in some cases I determined...
Hello! I supplement the feeds in the postgresql database after initialization with the init.sql script from the instructions. This is for personal purposes. My question is, what analyzers will go...
We want to prioritize the findings from the report. I have a question: 1. Are findings in the report highlighted from DevDependencies when scanning package-lock.json? We wanted to prioritize the findings...
When I run this command "cdxgen -o bom.json" on other Go repos it works fine. But when I run it on the Trivy repo, it returns errors. trivy-main$ cdxgen -o bom.json Unable...
I scanned the gitleaks repository for SBOM (**cdxgen -o bom.json .**), and it found 32 components out of 36 in the go.mod https://github.com/gitleaks/gitleaks
I've tried to test depscan on https://github.com/grpc/grpc with the following command: > atom reachables -o app.atom -s reachables.json -l c . P.S. bom.json exists. And got the following error: ``` Generating...
Hi! I noticed an error when I run atom on repos like [react](https://github.com/facebook/react) and [three.js](https://github.com/mrdoob/three.js): atom -o app.atom -l js . Failure: java.lang.ArrayIndexOutOfBoundsException: Index 1 out of bounds for length 1