Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for .Net core .deps.json files #2421

Closed
knqyf263 opened this issue Jun 29, 2022 · 2 comments · Fixed by #2487
Closed

Add support for .Net core .deps.json files #2421

knqyf263 opened this issue Jun 29, 2022 · 2 comments · Fixed by #2487
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning
Milestone
v0.30.0

Comments

@knqyf263
Copy link
Collaborator

knqyf263 commented Jun 29, 2022
edited
Loading

Description

.Net core generates a [appname].deps.json alongside the executable which contains the dependencies of that executable. Parsing it would provide information on dependencies for deployed .Net core executables. Support for parsing .deps.json was already added to go-dep-parser in aquasecurity/go-dep-parser#103. Also, there is a WIP PR aquasecurity/fanal#550. @astevenson-microsoft doesn't seem to be available now. If someone wants to take it over, it would be great.

Issues
@knqyf263 knqyf263 added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning labels Jun 29, 2022
@knqyf263 knqyf263 added this to the v0.30.0 milestone Jun 29, 2022
@afdesk afdesk mentioned this issue Jul 10, 2022
Merged
7 tasks
@usjpaq
Copy link

usjpaq commented Jul 18, 2022

Is there a config option to turn this feature off?

@knqyf263
Copy link
Collaborator Author

knqyf263 commented Aug 9, 2022

--vuln-type os scans only OS packages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. scan/vulnerability Issues relating to vulnerability scanning
Projects
None yet
Milestone
v0.30.0
Development

Successfully merging a pull request may close this issue.

feat(dotnet): add support for .Net core .deps.json files aquasecurity/trivy
2 participants
@knqyf263 @usjpaq