Tobias
opened 4 days ago
-
OneDev still uses an old version of OSV scanner. Will upgrade to latest version in next patch release to solve this issue.
| Type |
Question
|
| Priority |
Normal
|
| Assignee | |
| Labels |
No labels
|
Issue Votes (0)
Watchers (2)
Hi,
I am currently testing the OSV Vulnerability Scanner and the Trivy Filesystem Scanner with dependency files for C# deps.json. The OSV Scanner shows that no package source was found. The OSV scanner also finds nothing when I do not restrict the folder in the job workspace and activate the recursive option. With the trivy scanner, vulnerabilities are found in the same files. I also tested it with the OSV Scanner installed locally on my computer and the same deps.json files, and it worked.
Thank you in advance.