You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, the OSS index component report (and underlying API) are not able to retrieve vulnerabilities maintained in the OSS index agnostic of such modifiers, i.e. for pkg:conda/pkg-name@version only
This might be a (known) limitation of the OSS index for conda packages, where vulnerabilities are not maintained for the fully-qualified package URL. If that is the case, one might use only the pkg:conda/pkg-name@version part when using the OSS Index API
I am trying to use
jake
to query vulnerabilties of conda package as listed from an environment.This constructs a Conda packge URL (purl) as described in https://github.com/package-url/purl-spec/blob/f729aec79e3e13ac709d6675788634e53fe4d571/PURL-TYPES.rst#conda, which includes a number of qualifiers, e.g.
However, the OSS index component report (and underlying API) are not able to retrieve vulnerabilities maintained in the OSS index agnostic of such modifiers, i.e. for
pkg:conda/pkg-name@version
onlyExample
yields
The text was updated successfully, but these errors were encountered: