Rémi Pelhate
Rémi Pelhate
Looking at the docs, it looks like this is intended behaviour: https://aquasecurity.github.io/trivy/dev/vulnerability/detection/language/. They explicitly state that devDependencies are included in vulnerability scans for `yarn.lock`. However, they're not included in `package-lock.json`....
Perfect. Not sure if I'll be able to set it up this week, but I'm working on it ;)
Hi there! Is there any status on this issue? I'm having the same problem on v3.0.6 using curve `prime256v1`. If I can help to solve this in any way, please...
Awesome! Thanks for the support @Spomky 🙏🏻