Xueqin Cui comments

Results 59 comments of


                                            Xueqin Cui

Better support for transitive deps in Maven/Java (pom.xml)

Hi @LironJit, we are actively working on this! The changes to resolve Maven projects are on their way. :)

Better support for transitive deps in Maven/Java (pom.xml)

@oliverchang yes, I think so - I just started working on this!

SwiftURL ecosystem uses inconsistent format for package identifiers

@fviernau do you know if there is any official documentation by Swift stating the normalization rules?

feat: add "vertical" output format

LGTM - however I am not sure if we want the output in this color schema. @another-rex is there any discussion/agreement on this?

feat: support parsing `gradle/verification-metadata.xml`

I think I reviewed it and pending changes from @G-Rath

Adding egg-info extraction ability

is there any need to make a label for migration to osv-scalibr?

Scan groups are inconsistent when there are duplicate packages in npm

@G-Rath feel free to take it! I am working on another issue at the moment. :)

consider putting details about errors in `models.VulnerabilityResults`

yes, we would like to re-design error types in v2 https://github.com/google/osv-scanner/issues/636, and this is related.

Scan and report dependency groups of vulnerabilities for Yarn

@Ais8Ooz8 thank you for your feedback! For Yarn, `devDependencies` are specified in pacakge.json and `osv-scanner` currently scans `yarn.lock` for vulnerabilities. We can report dependency groups for Yarn once we support...

Scan and report dependency groups of vulnerabilities for Yarn

Related issue to support manifest scanning: https://github.com/google/osv-scanner/issues/416