Find out how https://opendev.org/assets/js/licenses.txt was generated and if there is a format that's used commonly enough that we could treat this as a package-like data. Find a list of projects that may use this (openstack may be?)
The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number
I think the lines in the following documentation are somehow not in correct order. Maybe chunks were added between multi line statements. Especially import_str: is broken.
Parsing Yarn lock files fails when adding same package to dictionary, we should not break yarn detection as a whole but rather log the conflicting entry.
Error logs:
{"An item with the same key has already been added. Key: lodash@version"}
When we display a package manifest or lockfile in the resource details, we should have a way to add a hyperlink to the upstream repository web page for this repo: for instance when we browse a requirements.txt lockfile, if it contains: scancode-toolkit==30.0.1 we should recognize this and link to https://pypi.org/project/scancode-toolkit/30.1.0/
Currently we have some parts where we fetch data from external APIs with fetch. In opossum-tool/OpossumUI#472 we started using axios (mostly because it handles error codes for you).
Known usages of fetch:
useFetchPackageInfo
Do a search to find any other occurrences. Also look at opossum-tool/OpossumUI#472 to see how requests can be mo
Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.
A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.
Find out how https://opendev.org/assets/js/licenses.txt was generated and if there is a format that's used commonly enough that we could treat this as a package-like data. Find a list of projects that may use this (openstack may be?)