Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps extractor: Support limiting ecosystems #5127

Open
puerco opened this issue Dec 4, 2024 · 0 comments
Open

deps extractor: Support limiting ecosystems #5127

puerco opened this issue Dec 4, 2024 · 0 comments
Labels
minder

Comments

@puerco
Copy link
Contributor

puerco commented Dec 4, 2024
edited
Loading

Minder's dependency extractor scans an entire ecosystem and reports back dependencies found anywhere in the codebase, and even from manifests such as SBOMs.

This can make it tough when a repository contains more than one source of dependencies such as more projects, SBOMs, test fixtures, etc. One way of scoping the data available to rules is to create a setting in the dependency extractor to pass a list of desired ecosystems, scanning can be fine-tuned to return only relevant results and the process can run more efficiently.

The list of ecosystems should be a list of strings and we should validate each to be a valid package URL type.

Related to #5128
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
minder
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@puerco