fix: unmanaged scan unknown archives #137
Instead of skipping over unknown archives, add them to the dep-graph as unknown so that users can see those archives. Helps users understand what has and what has not been scanned.
resolve({ | ||
g: 'unknown', | ||
a: `${targetPath}:${sha1}`, | ||
v: 'unknown', |
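Review bot: the `a:` value is built as `${targetPath}:${sha1}`, so whatever path the scanner was given becomes part of the coordinate stored in the dep-graph. If `targetPath` can be an absolute path, local directory names end up in the graph that users see and search; consider using the archive's file name or a path relative to the scanned directory instead. A short comment above `g: 'unknown'` and `v: 'unknown'` stating that both are sentinels for an archive that could not be resolved would also help, since the literals alone do not say why they are set.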
Here we might have a version or group at this point, but we decide to mark both as unknown
to flag that this is where we cut the transitive path because we couldn't resolve it, right?
We don't have either. Marking version as 'unknown' makes the UI alert the user; marking group as unknown allows the user to search for them.
🎉 This PR is included in version 2.31.1 🎉 The release is available on: Your semantic-release bot 📦🚀
See snyk/snyk-mvn-plugin#137 Adding warning message to indicate when projects have a dep-graph that contains packages with unknown versions (like in the Snyk UI).