.NET deps.json should be considered as installation evidence #3570

Open
wagoodman opened this issue Jan 8, 2025 · 0 comments
Labels: bug (Something isn't working), ecosystem:dotnet (relating to the .NET / nuget ecosystem)

There is discussion in #3176 regarding what the correct cataloger to use for the example image is. However, the deps.json is compiler output and really should be considered as installed evidence (today we only consider it as declared evidence).

We should most likely merge the PE-binary cataloger and the deps.json cataloger into one, where we only parse PE binaries that do not already have representation in a deps.json file. This would be an installed-type cataloger and run for both dir and image scans.

Note on compatibility: to not break existing users we need to add a third cataloger that does this merging behavior and fix the tags for the existing catalogers so they are not run by default.

wagoodman added the bug and ecosystem:dotnet labels on Jan 8, 2025
wagoodman moved this to Ready in OSS on Jan 8, 2025
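
The selection rule proposed in the issue (only parse PE binaries that a deps.json does not already represent), as an added Go example that is not the project's code. The function names, the sample deps.json, the file paths, and the choice to match a PE file to a deps.json runtime entry by file base name are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// sampleDeps is a constructed deps.json fragment (not from the issue).
const sampleDeps = `{"targets": {".NETCoreApp,Version=v8.0": {
  "app/1.0.0": {"runtime": {"app.dll": {}}},
  "Newtonsoft.Json/13.0.3": {"runtime": {"lib/net6.0/Newtonsoft.Json.dll": {}}}}}}`

// representedDLLs maps each runtime assembly file name to the "name/version" key listing it.
func representedDLLs(raw []byte) (map[string]string, error) {
	var d struct {
		Targets map[string]map[string]struct {
			Runtime map[string]json.RawMessage `json:"runtime"`
		} `json:"targets"`
	}
	if err := json.Unmarshal(raw, &d); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, libs := range d.Targets {
		for key, lib := range libs {
			for asm := range lib.Runtime {
				out[path.Base(asm)] = key // assumption: match on base name only
			}
		}
	}
	return out, nil
}

// unrepresentedPEs returns the PE paths that no deps.json entry accounts for.
func unrepresentedPEs(peFiles []string, represented map[string]string) []string {
	var rest []string
	for _, p := range peFiles {
		if _, ok := represented[path.Base(p)]; !ok {
			rest = append(rest, p)
		}
	}
	return rest
}

func main() {
	rep, err := representedDLLs([]byte(sampleDeps))
	fmt.Println(unrepresentedPEs([]string{"/app/app.dll", "/app/vendor/Legacy.dll"}, rep), err)
}
```

If the deps.json cannot be parsed, the map is empty and every PE file is returned, so nothing is dropped from the inventory because of a malformed file.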