osv-scanner icon indicating copy to clipboard operation
osv-scanner copied to clipboard
verified publisher icon google

.lua files were not detected and scanned

Open mpachaia opened this issue 1 month ago • 1 comments

Some of the files with .lua extensions were not detected while scanning for vulnerabilities.

reference url: https://github.com/Kong/kong/

mpachaia avatar Nov 06 '25 08:11 mpachaia

I tried to look up the extractor in osv-scalibr and only find the extractor for luarocks. Is this what you are referencing to?

cuixq avatar Nov 06 '25 22:11 cuixq

Hi I'm working with @mpachaia on this issue. To be hones we do not know what package manager is used in Kong, we just realized that the .lua files in the Kong project are ignored by osv-scanner.

CsatariGergely avatar Nov 20 '25 07:11 CsatariGergely

I don't think we currently support any lua files: https://google.github.io/osv-scanner/supported-languages-and-lockfiles/

It looks like Kong uses bazel to manage dependencies, which we don't currently support.

another-rex avatar Nov 21 '25 02:11 another-rex