Skip to content

Incorporate SCA results into 3rd party check #17

Description

@dipsylala

The SCA results can be used to review the 3rd party libraries within third_party.go. These are already pulled back as part of the detailed report, and the existence is used in missing_sca_components.

software_composition_analysis / vulnerable_components / component - the file_name attribute.

If there is a selected top level module that matches the file_name, we can class it as 3rd party alongside the existing list.

There is a chance that the filename will not match due to it being renamed, but this is typically the exception rather than the rule.

Sample Build ID: 34772495

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions