josieang
I'd like feedback on the config YAML schema, the filter message and its behaviour if the version is empty (it filters any version of that package). This is in response...
This point was brought up in https://github.com/google/osv-scanner/pull/637. We might like to make a policy that osv-scanner will only use versions of Go, say at least two releases behind. This...
This was discussed in: https://github.com/google/osv-scanner/pull/501#discussion_r1401646226 Return error codes don't seem to be the right way to report what combination of vulnerability, called vulnerabilities, license violations. It's simpler to just return...
The NewReader method in reader.go doesn't check that the magic header is correct; this leads to some strange things, like ASCII text files being parsed without any error. This change...