maitrayshah-cb
Testing YarnAudit Auto Fix functionality.
Updated parsing of gradle dependencies using `reportDependencies` task. For this to work the users would need to update the root build.gradle to create a task which Salus will call during...
Added license detection for pypi packages. It curls `https://pypi.org/pypi/` to collect that information.
- Updating gradle scanner logic to use dependency lockfiles - https://docs.gradle.org/current/userguide/dependency_locking.html

```
allprojects { projects ->
    dependencyLocking {
        lockAllConfigurations()
    }
    task resolveAndLockAll {
        doFirst {
            assert gradle.startParameter.writeDependencyLocks
        }
        doLast {...
```
- Removing unused files in `/bin`.
- Common Python dependency parser.
- Common Gradle dependency parser.
- Common Swift dependency parser.
**Using Github Advisory database as a scanner**
- Added: GithubAdvisory Scanner: Base class handles connection to Github Advisory API, error handling and querying.
- Added: GoGithubAdvisory Scanner: Handle getting dependencies...
Directly use patch version returned by yarn audit.
Support excluding files for Trufflehog Scanner.

```
scanner_configs:
  Trufflehog:
    exclude_files: # List of file paths to ignore
      - env.json
      - secrets.txt
    only-verified: false # Only output verified results.
    # true...
```
Support for `detected_versions` for OSV Scanners.