cve-bin-tool
CVE scan on dev-requirements.txt
Right now we use cve-bin-tool to scan the main requirements.txt file and a few others. We've recently moved a bunch of the development requirements into dev-requirements.txt so they're no longer being scanned. I think it's probably important for us to also know what issues might come up in our dev toolchain, so it would be nice to add that to the scan.
@anthonyharrison might want to use this as an excuse to try out sbom4python in CI, but we can also just do it the way we've done with the other files.