Keshav Priyadarshi

Results 87 comments of Keshav Priyadarshi

I was able to load the 1.4 XML BOM for Laravel listed here https://github.com/CycloneDX/bom-examples/blob/0979663521c4623792dc432d09f88bcb85862a62/SBOM/laravel-7.12.0/bom.1.4.xml, and I got all the associated dependency data in the Packages table.

Also, all dependencies with concrete versions are treated as packages (DiscoveredPackage), and only those dependencies for which we don't have a concrete version are stored as Dependencies (DiscoveredDependency). In most...

@poju3185 please add signoff to your commit, and you may want to go through this https://aboutcode.readthedocs.io/en/latest/contributing/writing_good_commit_messages.html.

OpenSSL also provides an updated JSON feed https://www.openssl.org/news/secjson

Completed by @johnmhoran in https://github.com/nexB/vulnerablecode/pull/1483

> @keshav-space is this what you are working on with the pipelines?

@pombredanne yes!

> I think we could:
>
> 1. extract Span as its own mini library also reused in ScanCode? Maybe this is overkill though
> 2. have a fallback...

@ziadhany, all CIs are passing now.

Yeah, it makes a lot more sense to have an in-house fix for this. I don't see this making its way upstream.

@rbarrois awesome! will raise an issue for this along with the potential patch. We can take it forward from there :)