dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
The `-o` argument currently accepts a single file, which is then used to derive different filenames. This should be fixed by accepting a directory name for the `-o` argument.
ref https://github.com/microsoft/sarif-tutorials/tree/main/samples This allows you to view messages through GitHub security alerts.
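The GitHub code-scanning upload in the linked SARIF tutorials needs a SARIF 2.1.0 document with a rule per vulnerability, a result per affected component, and a physical location so GitHub can attach the alert to a file. The following is an added example of such a conversion, not dep-scan's own code: the `FINDINGS` record layout, the tool name passed to `to_sarif`, the manifest path and the second finding's placeholder id are assumptions; CVE-2015-0254 is the real advisory mentioned elsewhere on this page.

```python
"""Emit SARIF 2.1.0 from dependency-scan findings so GitHub shows them as
code-scanning alerts. Added example, not dep-scan's own code: the FINDINGS
layout, tool name and manifest path are assumptions."""
import json
from typing import Iterable

SARIF_SCHEMA = (
    "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Sarif.schema.json"
)

# Constructed sample findings (layout is an assumption, not dep-scan's format).
# CVE-2015-0254 is real (Apache Standard Taglibs < 1.2.3); VULN-EXAMPLE-1 is a
# placeholder id used only to show a second, low-severity row.
FINDINGS = [
    {
        "id": "CVE-2015-0254",
        "purl": "pkg:maven/org.apache.taglibs/taglibs-standard@1.2.1",
        "score": 7.5,
        "summary": "XXE via crafted XSLT in <x:parse>/<x:transform>",
        "manifest": "pom.xml",
    },
    {
        "id": "VULN-EXAMPLE-1",
        "purl": "pkg:maven/org.jruby/jruby-complete@9.2.0.0",
        "score": 3.1,
        "summary": "placeholder finding for the example",
        "manifest": "pom.xml",
    },
]


def level_for(score: float) -> str:
    """SARIF result level derived from a CVSS base score. GitHub additionally
    reads the rule's security-severity property for its own severity filter."""
    if score >= 7.0:
        return "error"
    if score >= 4.0:
        return "warning"
    return "note"


def to_sarif(findings: Iterable[dict], tool_name: str = "dep-scan") -> dict:
    """Build one SARIF run: rules are deduplicated by vulnerability id, every
    finding becomes a result pointing at the manifest that pulled it in."""
    rules: dict = {}
    results = []
    for f in findings:
        if f["id"] not in rules:
            rule = {
                "id": f["id"],
                "shortDescription": {"text": f["summary"]},
                "properties": {
                    "tags": ["security"],
                    "security-severity": f"{f['score']:.1f}",
                },
            }
            if f["id"].startswith("CVE-"):
                rule["helpUri"] = f"https://nvd.nist.gov/vuln/detail/{f['id']}"
            rules[f["id"]] = rule
        results.append({
            "ruleId": f["id"],
            "level": level_for(f["score"]),
            "message": {"text": f"{f['purl']}: {f['summary']}"},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": f["manifest"], "uriBaseId": "%SRCROOT%"},
                    "region": {"startLine": 1},
                }
            }],
            # Stable fingerprint so the alert survives manifest reformatting.
            "partialFingerprints": {"purl/v1": f["purl"]},
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }


def write_sarif(findings: Iterable[dict], path: str) -> None:
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(to_sarif(findings), fh, indent=2)


if __name__ == "__main__":
    print(json.dumps(to_sarif(FINDINGS), indent=2))
```

The resulting file can be uploaded with the `github/codeql-action/upload-sarif` action or the `/code-scanning/sarifs` REST endpoint; without a `physicalLocation` GitHub rejects or drops the result, which is why the manifest is used as the anchor even though the vulnerable code lives in the dependency.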
https://github.com/CSPF-Founder/JavaVulnerableLab Needs more aliases, especially for some CVEs such as CVE-2015-0254
jruby-complete is offered under licenses: EPL-2.0, GPL-2.0, LGPL-2.1 https://mvnrepository.com/artifact/org.jruby/jruby-complete It is not possible to compute an effective license string in this case so the tool is producing multiple entries like...
Currently, `NVD_START_YEAR` is configurable with a default value of 2018. The tool should recommend a start year based on the oldest CVE found. If a CVE belonging to the year...
The tool should allow suppression of false positives. We need: - A way of defining the suppressions. The [xml format](https://jeremylong.github.io/DependencyCheck/general/suppression.html) used by dependency-check is not suitable for the modern era....
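As an added illustration of what a suppression mechanism has to get right (this is not dep-scan's format or code; the JSON schema, the finding layout and the sample data are assumptions), the following filters findings against a suppression list. Each entry names the vulnerability id, records a reason for the audit trail, may be scoped to a purl (a version-less purl covers every version of that package) and may carry an expiry so the decision is revisited instead of silently living forever.

```python
"""Apply a JSON suppression list to dependency-scan findings. Added example,
not dep-scan's own format or code; schema, finding layout and samples are
assumptions used to show the mechanics."""
import json
from datetime import date

# Constructed suppression file. "purl" without a version matches every version
# of that package; with a version it must match exactly. "expires" is ISO 8601.
SUPPRESSIONS_JSON = """
{
  "suppressions": [
    {"id": "CVE-2015-0254",
     "purl": "pkg:maven/org.apache.taglibs/taglibs-standard",
     "reason": "<x:parse>/<x:transform> are not used anywhere in this service",
     "expires": "2030-01-01"},
    {"id": "VULN-EXAMPLE-1",
     "reason": "placeholder id; this entry is already expired",
     "expires": "2020-01-01"}
  ]
}
"""

# Constructed findings. The second row deliberately reports the same CVE under
# different coordinates so the purl scope of the first suppression is exercised;
# VULN-EXAMPLE-1 is a placeholder id, not a real advisory.
FINDINGS = [
    {"id": "CVE-2015-0254", "purl": "pkg:maven/org.apache.taglibs/taglibs-standard@1.2.1"},
    {"id": "CVE-2015-0254", "purl": "pkg:maven/taglibs/standard@1.1.2"},
    {"id": "VULN-EXAMPLE-1", "purl": "pkg:maven/org.jruby/jruby-complete@9.2.0.0"},
]


def purl_base(purl: str) -> str:
    """purl without version, qualifiers or subpath (type/namespace/name only)."""
    return purl.split("@", 1)[0].split("?", 1)[0].split("#", 1)[0]


def load_suppressions(text: str) -> list:
    """Parse and validate the suppression document; id and reason are mandatory
    so a suppression can never be added without a recorded justification."""
    out = []
    for s in json.loads(text)["suppressions"]:
        if not s.get("id") or not s.get("reason"):
            raise ValueError(f"suppression needs both id and reason: {s}")
        out.append({
            "id": s["id"],
            "purl": s.get("purl"),
            "reason": s["reason"],
            "expires": date.fromisoformat(s["expires"]) if s.get("expires") else None,
        })
    return out


def matches(supp: dict, finding: dict, today: date) -> bool:
    """An expired suppression never matches, so the finding surfaces again."""
    if supp["expires"] is not None and today > supp["expires"]:
        return False
    if supp["id"] != finding["id"]:
        return False
    if supp["purl"] is None:
        return True
    if "@" in supp["purl"]:
        return finding["purl"] == supp["purl"]
    return purl_base(finding["purl"]) == purl_base(supp["purl"])


def apply_suppressions(findings: list, suppressions: list, today: date):
    """Return (kept, suppressed); suppressed rows keep the reason for reporting."""
    kept, suppressed = [], []
    for f in findings:
        hit = next((s for s in suppressions if matches(s, f, today)), None)
        if hit is None:
            kept.append(f)
        else:
            suppressed.append({**f, "reason": hit["reason"]})
    return kept, suppressed


def run_example(today_iso: str = "2024-06-01"):
    """Run the constructed data as of a given date (a parameter so that the
    expiry behaviour can be exercised without depending on the wall clock)."""
    return apply_suppressions(
        FINDINGS, load_suppressions(SUPPRESSIONS_JSON), date.fromisoformat(today_iso)
    )


if __name__ == "__main__":
    kept, suppressed = run_example()
    for row in suppressed:
        print(f"suppressed {row['id']} in {row['purl']}: {row['reason']}")
    for row in kept:
        print(f"reported   {row['id']} in {row['purl']}")
```

Run as of 2024-06-01, the taglibs-standard finding is suppressed, the same CVE under the older `taglibs/standard` coordinates is still reported because the suppression is scoped to a different purl, and the VULN-EXAMPLE-1 finding is reported because its suppression expired in 2020. Run as of 2019-06-01 the expired entry is still valid and only one finding remains.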
This introduces a SECURITY.md file to the project, outlining the OWASP dep-scan security policy. The file covers the following key points: - Supported versions and commitment to providing security updates...
### Request Description
pkg:nix
### Additional Information
_No response_
- [ ] BREAKING: Removed jsonl report
- [ ] Bug fix: suggest mode was inadvertently creating an extra alias
- [ ] Miscellaneous changes such as license db update
### Request Description
https://nix-community.github.io/pyproject.nix/
### Additional Information
_No response_