cve-bin-tool

CVE scan on dev-requirements.txt

Open terriko opened this issue 1 year ago • 0 comments

Right now we use cve-bin-tool to scan the main requirements.txt file and a few others. We've recently moved a bunch of the development requirements into dev-requirements.txt so they're no longer being scanned. I think it's probably important for us to also know what issues might come up in our dev toolchain, so it would be nice to add that to the scan.

@anthonyharrison might want to use this as an excuse to try out sbom4python in CI, but we can also just do it the way we've done with the other files.

terriko, Jul 27 '22 16:07