add github dependency analysis #197
Conversation
Thanks @yazgoo. That looks like a great improvement. I'll take a closer look at it soon.
Hi @adpi2, is there something I can do to improve this PR?
Sorry, I did not get the time to review it yet. But it is near the top of my todo list. I will probably have time to review it next week.
@yazgoo here is my feedback. I think that So I suggest that To find what pulls the vulnerable dependencies, one can use
The issue with sbt-dependency-graph (and other dependency/CVE analysis tools I used) is that I don't get the same exact results as this plugin; this is why I implemented those functionalities. Another possibility is that I write a separate plugin with these functionalities, but I'd like to use the snapshot in sbt state for this.
group "alerts" and "cve" command in one command to make it easier to use.
@adpi2 does it look good to you with these latest changes?
This adds a new command for interactive usage:
This aims at making dependency analysis easier and more in sync with what the snapshot actually contains.
Here is an example session on this repo https://github.com/yazgoo/scala-meetup-june-2024
retrieve github alerts
check snapshot against alerts
list versions of libs in snapshot:
find what pulls the broken dependency
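The four steps above (fetch alerts, check the snapshot against them, list the versions in the snapshot, find what pulls the vulnerable dependency) are shown below as a standalone worked example. This is added illustration code, not the plugin's own implementation and not sbt code: it is Python, the snapshot and alert records are constructed inline with placeholder package names and placeholder advisory ids, and their shapes only loosely mirror GitHub's dependency snapshot ("resolved" map of package URLs with a direct/indirect relationship) and Dependabot alert entries (package name plus a vulnerable version range). The version-range parser handles only the simple comparator form (`>= 1.0.0, < 1.4.0`), which is a simplification.

```python
"""Cross-check a dependency snapshot against Dependabot-style alerts and
report which direct dependency pulls each vulnerable package.

Hypothetical, self-contained illustration. The data below is constructed
for the example; names and advisory ids are placeholders."""

# Constructed snapshot: purl -> {relationship, dependencies}.
SNAPSHOT = {
    "pkg:maven/org.example/app-web@1.0.0": {
        "relationship": "direct",
        "dependencies": ["pkg:maven/org.example/lib-b@2.1.0"],
    },
    "pkg:maven/org.example/app-core@1.0.0": {
        "relationship": "direct",
        "dependencies": ["pkg:maven/org.example/lib-c@1.3.5"],
    },
    "pkg:maven/org.example/lib-b@2.1.0": {
        "relationship": "indirect",
        "dependencies": ["pkg:maven/org.example/lib-c@1.3.5"],
    },
    "pkg:maven/org.example/lib-c@1.3.5": {
        "relationship": "indirect",
        "dependencies": [],
    },
}

# Constructed alerts with placeholder advisory ids. Package names use the
# "group:artifact" form that Dependabot reports for Maven packages.
ALERTS = [
    {
        "ghsa_id": "GHSA-xxxx-xxxx-xxx1",  # placeholder id
        "package": "org.example:lib-c",
        "vulnerable_version_range": ">= 1.0.0, < 1.4.0",
    },
    {
        "ghsa_id": "GHSA-xxxx-xxxx-xxx2",  # placeholder id
        "package": "org.example:lib-b",
        "vulnerable_version_range": "< 2.0.0",  # lib-b 2.1.0 is outside this range
    },
]


def parse_purl(purl):
    """'pkg:maven/org.example/lib-c@1.3.5' -> ('org.example:lib-c', '1.3.5')."""
    path, _, version = purl.partition("@")
    prefix = "pkg:maven/"
    if path.startswith(prefix):
        path = path[len(prefix):]
    group, _, artifact = path.partition("/")
    return f"{group}:{artifact}", version


def version_key(version):
    """Numeric tuple for ordering; non-numeric parts count as 0 (simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def in_range(version, range_spec):
    """Evaluate comma-separated comparators such as '>= 1.0.0, < 1.4.0'."""
    ops = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
           ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
           "=": lambda a, b: a == b}
    v = version_key(version)
    for clause in range_spec.split(","):
        op, bound = clause.strip().split()
        if not ops[op](v, version_key(bound)):
            return False
    return True


def list_versions(snapshot):
    """Step 'list versions of libs in snapshot': name -> version, sorted by name."""
    return dict(sorted(parse_purl(p) for p in snapshot))


def vulnerable_packages(snapshot, alerts):
    """Step 'check snapshot against alerts': purl -> matching advisory ids."""
    hits = {}
    for purl in snapshot:
        name, version = parse_purl(purl)
        ids = [a["ghsa_id"] for a in alerts
               if a["package"] == name
               and in_range(version, a["vulnerable_version_range"])]
        if ids:
            hits[purl] = ids
    return hits


def pull_paths(snapshot, target):
    """Step 'find what pulls the broken dependency': every path from a direct
    dependency down to `target`, found by depth-first walk over the edges."""
    paths = []
    for root, meta in snapshot.items():
        if meta["relationship"] != "direct":
            continue
        stack = [(root, [root])]
        while stack:
            node, path = stack.pop()
            if node == target:
                paths.append(path)
                continue
            for dep in snapshot.get(node, {}).get("dependencies", []):
                if dep not in path:  # guard against cyclic graphs
                    stack.append((dep, path + [dep]))
    return sorted(paths)


if __name__ == "__main__":
    for purl, ids in vulnerable_packages(SNAPSHOT, ALERTS).items():
        print(purl, "matches", ids)
        for path in pull_paths(SNAPSHOT, purl):
            print("  pulled via:", " -> ".join(path))
```

Running the block reports `lib-c@1.3.5` as matching the first placeholder advisory and shows both chains that pull it in (directly through `app-core`, and transitively through `app-web -> lib-b`), while `lib-b@2.1.0` is correctly not flagged because it sits outside the second advisory's range. That second chain is the case the description is about: the fix is to upgrade or exclude `lib-c` in `app-web`'s resolution, not only in the direct dependency list.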