[FEATURE] Scan dependencies determined by a requirements file without installing them #96
What are you trying to do?
Scan dependencies determined by a requirements file without actually having these dependencies installed
What feature or behavior is this required for?
The jake installation itself has its own dependencies, and in certain cases these dependencies conflict with the dependencies of the scanned project (see https://gitlab.com/j2c-bce/helloworld-fastapi/-/jobs/2033667516 for an example situation. I solved it by upgrading the project dependencies in this case, but there might exist situations where that is not an option).
How could we solve this issue? (Not knowing is okay!)
Idk, maybe generate an SBOM from the requirements file and use that to look for vulnerabilities?
Anything else?
cc @bhamail / @DarthHater
Comments
Hi @blackstream-x, Thanks for the request. Can you let us know:
Thanks!
Hi @madpah,
My intention was to scan project dependencies for vulnerabilities, but these dependencies caused a conflict with jake's own dependencies:
So my idea was to resolve the dependencies using e.g. pip-compile (from pip-tools) and pass the compiled dependencies to
I, too, was looking for a similar enhancement. I used -r requirements.txt and standard input to jake ddt -c in 0.2.77 (last Summer version). This all breaks as of 1.x, it seems. I need to check multiple versions for compliance.
You mentioned that Do you have an example code for checking Say for example, I have generated a few conda
I am seeing the same problem. The latest version of jake (v2.1.1) does not support the command line option -r requirements.txt, which was supported in previous versions such as 0.2.77
This issue seems to be a part of the feature request #104
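A concrete shape for the idea raised in this issue (resolve the requirements file to exact pins with pip-compile, then turn the pins into an SBOM and scan that instead of installing anything), as an added example that is not jake's own code: a small Python script that parses a pinned requirements file, including the backslash-continued `--hash=` lines that `pip-compile --generate-hashes` writes, and emits a minimal CycloneDX 1.4 JSON document with a `pkg:pypi` purl per component. Nothing is installed, so the scanned project's pins never have to co-exist with jake's dependencies. The requirements text, the version numbers and the hash value in it are constructed for the example; lines that cannot be mapped to a single purl (`-r` includes, unpinned ranges such as `>=`) are reported rather than silently dropped, because a scanner fed only the clean pins would otherwise miss them.

```python
"""Turn a pinned requirements file into a CycloneDX JSON SBOM without installing anything.

Added example, not jake's own code. Assumes the file was already resolved to
exact pins (for instance by pip-compile) and emits CycloneDX 1.4 JSON with a
pkg:pypi purl per component, the form an SBOM-consuming scanner can look up.
"""
import json
import re
from typing import Dict, Iterator, List, Tuple

# One logical requirement line after comments, hashes and continuations are gone:
#   name[extras]==version ; environment-marker
_PINNED = re.compile(
    r"""^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)  # PEP 508 name
        (?:\[[^\]]*\])?                                        # extras (ignored)
        \s*==\s*
        (?P<version>[A-Za-z0-9!+.*-]+)                          # exact PEP 440 version
        \s*(?:;.*)?$                                            # marker (ignored)
    """,
    re.VERBOSE,
)


def _logical_lines(text: str) -> Iterator[str]:
    """Join backslash-continued physical lines, as pip-compile --generate-hashes emits them."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def normalize_name(name: str) -> str:
    """PEP 503 / purl normalisation: lowercase, runs of . _ - collapsed to a single -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pinned_requirements(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return ([(normalized_name, version), ...], [lines that could not be turned into a pin])."""
    pins: List[Tuple[str, str]] = []
    problems: List[str] = []
    for line in _logical_lines(text):
        line = re.split(r"(?:^|\s)#", line, maxsplit=1)[0]  # drop comments
        line = re.sub(r"\s--hash=\S+", "", line).strip()    # drop --hash options
        if not line:
            continue
        if line.startswith("-"):
            # -r / -c / -e / --index-url are not packages; a real tool would follow -r.
            problems.append(line)
            continue
        m = _PINNED.match(line)
        if not m:
            problems.append(line)  # ranges like >=1.0 cannot be mapped to one purl
            continue
        pins.append((normalize_name(m["name"]), m["version"]))
    return pins, problems


def build_cyclonedx(pins: List[Tuple[str, str]]) -> Dict:
    """Minimal CycloneDX 1.4 JSON document with one library component per pin."""
    components = [
        {
            "type": "library",
            "name": name,
            "version": version,
            "purl": f"pkg:pypi/{name}@{version}",
        }
        for name, version in pins
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": components,
    }


# Constructed sample in the shape `pip-compile --generate-hashes` writes; versions and hash are placeholders.
CONSTRUCTED_REQUIREMENTS = """\
#
# This file is autogenerated by pip-compile
#
fastapi==0.70.0 \\
    --hash=sha256:0123456789abcdef
    # via -r requirements.in
Pydantic[email]==1.8.2 ; python_version >= "3.6"
typing_extensions==3.10.0.2
-r other-requirements.txt
uvicorn>=0.15
"""

if __name__ == "__main__":
    pins, problems = parse_pinned_requirements(CONSTRUCTED_REQUIREMENTS)
    print(json.dumps(build_cyclonedx(pins), indent=2))
    for p in problems:
        print("skipped (not a single pinned package):", p)
```

Environment markers are ignored on purpose, so a pin that only applies on another Python version or platform is still scanned; that is a conservative over-approximation, which is the right direction for a vulnerability check. Extras are dropped because the purl identifies the distribution, not the extra.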