Isabella Skořepová @draslovka
Yes, that's my understanding at least. If you go to `Insights > Dependency Graph` and select the `pip` ecosystem on a repo with `uv.lock`, you'll only see dependencies from `pyproject.toml`.
Since vulnerability scanning is critical for us and it was blocking `uv` adoption, we came up with the following GitHub action:

```yaml
on:
  push:
    branches:
      - "**"
jobs:
  submit-uv-dependencies:
    runs-on:...
```
> I created a workaround action for now, that parses the uv.lock files in your repository and submits them, so you have the full graph: https://github.com/rmuir/uv-dependency-submission

Awesome, we have something...