Charles Coggins
The `phylum-ci` hook uses [phylum](https://www.phylum.io) to provide analysis of project dependencies from a lockfile during a commit containing that lockfile. The hook will fail and provide a report if any...
# Overview Currently, the Phylum CLI binary is signed using an RSA signing key. This signature can be verified using the corresponding public key for Phylum: ```sh $ openssl dgst...
## Overview The ability to `cargo update` this repository appears to be broken. The workflow that automates this process as a weekly task has been [broken since ~12 JUL 2024](https://github.com/phylum-dev/cli/actions/workflows/cargo-update.yml)....
The `dotnet` tool install path, as it gets installed for the Azure DevOps environment, is not included in the lockfile generation sandbox for allowed paths. It should be. It may...
Consider better cross-platform support by creating/saving/updating the `settings.yaml` file in a more natural location for the OS. This can be accomplished with the `dirs` crate from crates.io. Currently, a local...
## Overview The [Bun toolkit](https://bun.sh) has its own lockfile, `bun.lockb`, that Phylum does not support. This issue is to track and discuss the level of interest for adding that support...
## Overview There are failures in CI when attempting to use the `ubuntu-24.04` runners. ## How To Reproduce Steps to reproduce this behavior: 1. Change the build and test runners...