Wolfgang Klenk
Trying to scan an ordinary Kotlin 2.0 project, including Gradle-Kotlin and some standard Spring Boot 3.3.0 dependencies leads to error messages about _no matching variant of ... found_. ### To...
Version: 0.10.0, 0.12.0 To reproduce, the following repository can be used for scanning: [https://github.com/danielhrisca/asammdf](https://github.com/danielhrisca/asammdf) This contains a dependency to [numexpr](https://github.com/pydata/numexpr) that itself has a line in its [requirement.txt](https://github.com/pydata/numexpr/blob/295f26b46059f72c7f9361a28e03537da66f9bd9/requirements.txt#L1C1-L1C66) has has...
While VCS implementations are already plugins, they are not yet configurable. VCS implementations require common configurations (e.g., `revision`, `recursive`) and should support VCS-specific configurations that are unique to each VCS....
For Go packages, both the namespace and name may contain path segments separated by a "/" character. The purl specification requires these "/" characters to be percent-encoded in the namespace...
### Describe the bug I am scanning a project with `ModGo` ORT package manager. One dependency is _quic-go_, release 0.40.0, which definitely has vulnerability findings in the [VulnerableCode](https://public.vulnerablecode.io/) database....
Hello, I use ORT 34.0.0 in combination with VulnerableCode. The _GoMod_ ORT package analyzer returned a dependency:
```
id: "Go::github.com/quic-go/quic-go:0.40.0"
purl: "pkg:golang/github.com%2Fquic-go%2Fquic-go@0.40.0"
```
At first sight, the purl looks strange,...