While it's great that it points to `settings.gradle.kts`, it's unclear from the get-go where exactly the dependency comes from (production/tests, direct/transitive, project/plugin/version catalog/included build/build logic, etc.).
It would be nice to have at least the project name and configuration name in the description.
We tried, but there's no mechanism in the GitHub Dependency Graph API to map a dependency to a particular project/configuration, without having a separate vulnerability alert reported for every project/configuration that uses the dependency.
Currently, the report looks like this:
![image](https://private-user-images.githubusercontent.com/4946730/340720910-fd82db4a-bcce-44ce-a795-c84ec19a0e44.png)