Improve Go License/DependsOn scanning #7354
no10xcoder started this conversation in Ideas
Replies: 1 comment
Yes, please. Also, want to know how many users are still using
Trivy doesn't run an external command. Please let us know if you have any ideas.
Description
Currently the Go scanner only detects licenses and transitive dependencies when the Go modules have been downloaded (see here and here).
For the license scanning I think it's also possible to scan the vendor folder when it's available. Let me know if you want me to draft an MR for that.
For the transitive dependencies it's also a possibility to run go mod download, but I would understand if that goes a bit too far.
Target
SBOM
Scanner
License
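A sketch of the vendor-folder idea from the description, added here as an example and not taken from Trivy's code base: it reads vendor/modules.txt and lists license files in each vendored module directory, without running any external command. The names ScanVendor, VendoredLicense and the file-name pattern are assumptions made for this illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// VendoredLicense ties a vendored module to license files found in its directory.
type VendoredLicense struct {
	Module, Version string
	Files           []string // paths relative to the project root
}

// Common license file names: an assumed heuristic, not Trivy's own matcher.
var licenseName = regexp.MustCompile(`(?i)^(licen[sc]e|copying|notice)(\.|-|$)`)

// ScanVendor reads vendor/modules.txt and lists license files per vendored module.
func ScanVendor(root string) ([]VendoredLicense, error) {
	f, err := os.Open(filepath.Join(root, "vendor", "modules.txt"))
	if err != nil {
		return nil, err // no vendor tree; the caller decides on a fallback
	}
	defer f.Close()
	var out []VendoredLicense
	sc := bufio.NewScanner(f)
	for sc.Scan() {
		// Keep "# <path> <version> ..." lines; skip "## explicit", packages, "# <path> => ...".
		fl := strings.Fields(sc.Text())
		if len(fl) < 3 || fl[0] != "#" || fl[2] == "=>" {
			continue
		}
		m := VendoredLicense{Module: fl[1], Version: fl[2]}
		dir := filepath.Join("vendor", filepath.FromSlash(m.Module))
		entries, _ := os.ReadDir(filepath.Join(root, dir)) // missing dir: no files
		for _, e := range entries {
			if !e.IsDir() && licenseName.MatchString(e.Name()) {
				m.Files = append(m.Files, filepath.Join(dir, e.Name()))
			}
		}
		out = append(out, m)
	}
	return out, sc.Err()
}

func main() { fmt.Println(ScanVendor(".")) }
```

A module that appears in modules.txt with an empty Files list is one whose license could not be determined from the vendor tree alone.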