Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / google/osv-scanner issues and pull requests
#1299 - license checker problems with SPDX expressions AND / OR
Issue -
State: closed - Opened by jayvdb about 1 month ago
Labels: enhancement
#1298 - license checker not ignoring all dev deps
Issue -
State: open - Opened by jayvdb about 1 month ago
- 5 comments
#1297 - refactor: Update test names
Pull Request -
State: closed - Opened by another-rex about 2 months ago
- 1 comment
#1296 - test: update snapshots for guided remediation
Pull Request -
State: closed - Opened by cuixq about 2 months ago
- 1 comment
#1295 - Support local database for guided remediation
Issue -
State: open - Opened by oliverchang about 2 months ago
- 1 comment
Labels: guided remediation
#1294 - fix: use correct path separator in SARIF output when on Windows
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
Labels: bug
#1293 - Scan `status` files used by Ubuntu
Issue -
State: open - Opened by cav72 about 2 months ago
- 3 comments
Labels: enhancement, V2 Wishlist
#1292 - chore(release): changelog for v1.9.0
Pull Request -
State: closed - Opened by michaelkedar about 2 months ago
- 1 comment
#1291 - docs: Callouts are hard to read
Issue -
State: open - Opened by michaelkedar about 2 months ago
Labels: documentation
#1290 - fix: bump osv max concurrent requests
Pull Request -
State: closed - Opened by hogo6002 about 2 months ago
- 4 comments
#1289 - fix: warn about and ignore duplicate entries in SBOMs
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1288 - fix: sort sbom packages by PURL
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 2 comments
#1287 - Compatibility with CycloneDX 1.6
Issue -
State: open - Opened by berndorin about 2 months ago
Labels: enhancement
#1286 - feat: fetch Maven metadata from specified repositories
Pull Request -
State: closed - Opened by cuixq about 2 months ago
- 2 comments
#1285 - fix: improve handling if `docker` exits with a non-zero code when trying to scan images
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1284 - test: update snapshot
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1283 - fix: output invalid PURLs when scanning sboms
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1282 - chore(deps): lock file maintenance
Pull Request -
State: closed - Opened by renovate-bot about 2 months ago
- 1 comment
Labels: dependencies
#1281 - chore(deps): update workflows
Pull Request -
State: closed - Opened by renovate-bot about 2 months ago
- 1 comment
Labels: dependencies
#1280 - Do not fetch snapshots from the Maven repository disabling that
Issue -
State: open - Opened by cuixq about 2 months ago
Labels: enhancement
#1279 - fix(offline): report all ecosystems without local databases in one single line
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1278 - fix: apply go version override to _all_ instances of the `stdlib`
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 2 comments
#1277 - Consider making "skip git" the default in v2
Issue -
State: open - Opened by G-Rath about 2 months ago
- 4 comments
Labels: V2 Wishlist
#1276 - Brais.cabofelpete/k9 vuln 843 dont report version for dependencies workspaces package.json
Pull Request -
State: closed - Opened by BraisCaboFelpete about 2 months ago
#1275 - Display severity using ecosystem-specific priority tags
Issue -
State: open - Opened by hogo6002 about 2 months ago
Labels: enhancement
#1274 - HTML output format for scanning result
Issue -
State: open - Opened by hogo6002 about 2 months ago
Labels: enhancement, container-scanning-mvp
#1273 - Config file (GoVersionOverride) is not applied properly on recursive scans
Issue -
State: closed - Opened by tuminoid about 2 months ago
- 1 comment
#1272 - chore(deps): bump django from 2.2.24 to 3.2.25 in /cmd/osv-scanner/fixtures/locks-requirements in the pip group across 1 directory
Pull Request -
State: closed - Opened by dependabot[bot] about 2 months ago
- 2 comments
Labels: dependencies, python
#1271 - feat: assume `txt` files with "requirements" in their name are `requirements.txt` files
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1270 - chore(deps): update dependency webrick to v1.8.2 [security]
Pull Request -
State: closed - Opened by renovate-bot about 2 months ago
- 1 comment
Labels: dependencies
#1269 - Read Maven configurations from `settings.xml`
Issue -
State: open - Opened by cuixq about 2 months ago
Labels: enhancement
#1268 - feat: support `vulnerabilities.ignore` in package overrides
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1267 - test: update case to reflect recent config parsing changes
Pull Request -
State: closed - Opened by G-Rath about 2 months ago
- 1 comment
#1266 - Accept other names for requirements.txt files or provide a way to specify an extractor
Issue -
State: closed - Opened by lengau about 2 months ago
- 5 comments
#1265 - fix(deps): update osv-scanner minor
Pull Request -
State: closed - Opened by renovate-bot about 2 months ago
- 2 comments
Labels: dependencies
#1264 - chore(deps): update workflows
Pull Request -
State: closed - Opened by renovate-bot about 2 months ago
- 1 comment
Labels: dependencies
#1263 - refactor: Follow revive rules across the repo
Pull Request -
State: closed - Opened by another-rex about 2 months ago
- 1 comment
#1262 - feat: group DSA and its CVEs together
Pull Request -
State: closed - Opened by hogo6002 about 2 months ago
- 1 comment
#1261 - Group using related field for specific ecosystems
Issue -
State: open - Opened by another-rex 2 months ago
Labels: enhancement
#1260 - Implement query paging
Issue -
State: open - Opened by another-rex 2 months ago
Labels: bug, enhancement
#1259 - chore: make guided remediation follow revive's default lint rules
Pull Request -
State: closed - Opened by michaelkedar 2 months ago
- 3 comments
#1258 - feat(output): add HTML output format
Pull Request -
State: closed - Opened by hogo6002 2 months ago
- 2 comments
#1257 - Reenable `revive` golangci-lints
Issue -
State: closed - Opened by another-rex 2 months ago
- 2 comments
Labels: infra
#1256 - ci: pin `amannn/action-semantic-pull-request` to a commit
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1255 - ci: pin `actions/stale` to a commit
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1254 - test: update snapshots with new security vulnerabilities
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 4 comments
#1253 - chore: deprecate parser functions in favor of their extract equivalents
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1252 - fix: don't allow `LoadPath` to be set via config file
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1251 - test: ensure `cmp.Diff` usage is consistent
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1250 - test: restructure internal `config` cases and fixtures
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1249 - feat: error if configuration file has unknown properties
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1248 - refactor: simplify and reuse `tryLoadConfig`
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 2 comments
#1247 - chore(deps): update workflows
Pull Request -
State: closed - Opened by renovate-bot 2 months ago
- 1 comment
Labels: dependencies
#1246 - fix(deps): update osv-scanner minor
Pull Request -
State: closed - Opened by renovate-bot 2 months ago
- 1 comment
Labels: dependencies
#1245 - feat: Copy over dark docs theming from osv.dev
Pull Request -
State: closed - Opened by another-rex 2 months ago
- 1 comment
#1244 - Support pyproject.toml files
Issue -
State: open - Opened by AdamKorcz 2 months ago
- 1 comment
Labels: enhancement
#1243 - feat: allow explicitly ignoring the license of a package in config
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 3 comments
#1242 - fix: announce when a config file is invalid and exit with a non-zero code
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1241 - fix: don't assume there's always a reason for a package being filtered out
Pull Request -
State: closed - Opened by G-Rath 2 months ago
- 1 comment
#1240 - Maven resolution fails with native data source when `maven-metadata.xml` is missing from repository
Issue -
State: closed - Opened by michaelkedar 2 months ago
Labels: bug, guided remediation
#1239 - Support profile activation in Maven pom.xml resolution and writing
Issue -
State: open - Opened by michaelkedar 2 months ago
- 3 comments
Labels: enhancement, backlog
#1238 - Fail to update Maven packages with properties in their names
Issue -
State: open - Opened by michaelkedar 2 months ago
Labels: bug, guided remediation
#1237 - chore(release): changelog for v1.8.5
Pull Request -
State: closed - Opened by cuixq 2 months ago
- 1 comment
#1236 - fix: make Alpine ecosystem fallback to latest release version
Pull Request -
State: closed - Opened by michaelkedar 2 months ago
- 1 comment
#1235 - feat(guided remediation): remediate unresolved dependency management vulns
Pull Request -
State: closed - Opened by michaelkedar 2 months ago
- 1 comment
Labels: guided remediation
#1234 - Add partial parsing support for setup.py
Pull Request -
State: closed - Opened by rtfpessoa 2 months ago
#1233 - chore: update Go to version 1.22.7
Pull Request -
State: closed - Opened by cuixq 2 months ago
- 2 comments
#1232 - chore: update test snapshots
Pull Request -
State: closed - Opened by cuixq 2 months ago
- 1 comment
#1231 - chore(deps): update golang docker tag to v1.23.1
Pull Request -
State: closed - Opened by renovate-bot 2 months ago
- 2 comments
Labels: dependencies
#1230 - chore(deps): update alpine:3.20 docker digest to beefdbd
Pull Request -
State: closed - Opened by renovate-bot 2 months ago
- 2 comments
Labels: dependencies
#1229 - Inquiry about the plans for the experimental offline mode
Issue -
State: open - Opened by chheda-deshaw 2 months ago
- 4 comments
Labels: enhancement, V2 Wishlist
#1228 - fix: govulncheck calls on C code
Pull Request -
State: closed - Opened by another-rex 2 months ago
- 2 comments
#1227 - Integrate Vanir
Issue -
State: open - Opened by oliverchang 2 months ago
- 1 comment
Labels: enhancement, backlog
#1226 - Add vulnerabilities.ignore flag to just ignore vulnerabilities.
Issue -
State: closed - Opened by another-rex 2 months ago
- 2 comments
Labels: backlog
#1225 - feat(internal): marshal self-closing tags in XML
Pull Request -
State: closed - Opened by cuixq 2 months ago
- 1 comment
#1224 - refactor(guided remediation): Take `PreFetch` out of `DependencyClient` interface and prevent repeated datasource network calls
Pull Request -
State: closed - Opened by michaelkedar 2 months ago
- 1 comment
Labels: guided remediation
#1223 - refactor: use forked xml package for writing
Pull Request -
State: closed - Opened by cuixq 3 months ago
- 1 comment
#1222 - chore: update test snapshots
Pull Request -
State: closed - Opened by cuixq 3 months ago
- 1 comment
#1221 - [Github action] exit code 0 returned on incorrect cli usage
Issue -
State: open - Opened by shahar-h 3 months ago
- 1 comment
Labels: bug
#1220 - [GitHub Action] scan fails on go projects that import C code
Issue -
State: closed - Opened by shahar-h 3 months ago
- 2 comments
Labels: bug
#1219 - fix(guided remediation): Add special handling for specific Maven packages
Pull Request -
State: closed - Opened by michaelkedar 3 months ago
- 1 comment
Labels: guided remediation
#1218 - chore: update test snapshots
Pull Request -
State: closed - Opened by cuixq 3 months ago
- 1 comment
#1217 - fix(deps): update module github.com/charmbracelet/bubbletea to v1
Pull Request -
State: closed - Opened by renovate-bot 3 months ago
- 2 comments
Labels: dependencies
#1216 - fix(internal): encode XML tokens without escaping
Pull Request -
State: closed - Opened by cuixq 3 months ago
- 1 comment
#1215 - Indentation when writing new dependencies to Maven pom.xml
Issue -
State: closed - Opened by cuixq 3 months ago
Labels: bug, guided remediation
#1214 - feat: support composite-based package overrides
Pull Request -
State: closed - Opened by G-Rath 3 months ago
- 4 comments
#1213 - Better `osv-scanner fix --non-interactive` output
Issue -
State: open - Opened by michaelkedar 3 months ago
- 1 comment
Labels: enhancement, guided remediation, backlog
#1212 - chore: axe `.go-version` file
Pull Request -
State: closed - Opened by G-Rath 3 months ago
- 1 comment
#1211 - Add dependency groups filter for PackageOverrides config
Issue -
State: closed - Opened by kmohrf 3 months ago
- 2 comments
Labels: enhancement
#1210 - feat(guided remediation): Add `FIXED-VULN-IDS` to non-interactive output
Pull Request -
State: closed - Opened by michaelkedar 3 months ago
- 1 comment
Labels: guided remediation
#1209 - chore: add missed test ignore vuln
Pull Request -
State: closed - Opened by michaelkedar 3 months ago
- 1 comment
#1208 - Show the vulnerable path when doing transitive dependency scanning
Issue -
State: open - Opened by cuixq 3 months ago
- 1 comment
Labels: enhancement, backlog
#1207 - feat(internal): add Maven native dependency client
Pull Request -
State: closed - Opened by cuixq 3 months ago
- 1 comment
#1206 - perf: ignored packages should be filtered out before scanning
Pull Request -
State: closed - Opened by giovanni-bozzano 3 months ago
- 1 comment
#1205 - chore(deps): update workflows
Pull Request -
State: closed - Opened by renovate-bot 3 months ago
- 2 comments
Labels: dependencies
#1204 - fix(deps): update osv-scanner minor
Pull Request -
State: closed - Opened by renovate-bot 3 months ago
- 4 comments
Labels: dependencies
#1203 - osv-scanner fix should output the vulnerabilities fixed by the updates
Issue -
State: closed - Opened by kovacsw 3 months ago
Labels: guided remediation
#1202 - chore: add `osv-scanner.toml` files to make Scorecard ignore vulnerabilities in our test fixtures
Pull Request -
State: closed - Opened by michaelkedar 3 months ago
- 2 comments
#1201 - fix: correct for breaking change in glamour v0.8.0
Pull Request -
State: closed - Opened by andrewpollock 3 months ago
- 2 comments
#1200 - chore(release): release v1.8.4
Pull Request -
State: closed - Opened by andrewpollock 3 months ago
- 1 comment