Maven ( pom.xml and maven required) Supports development dependency exclusion.Note: Android projects are not currently supported.gradlew.bat will take precedence over system gradle Gradle ( adle and gradle required) Supports development dependency exclusion.Conan (any conan formatted *.lock files).Good news for polyglots - the extension allows you to view violations across multiple ecosystems at once across the following formats:
Drill down into all of your dependencies to examine each package version for violations to determine whether you should upgrade or move to a different version at a glance. Sonatype's VSCode extension allows you to surface and remediate issues in your Workspace dependencies without ever leaving your development environment.Īny developer can use the extension for free against our publicly available OSS Index vulnerability database while our commercial users can connect to Sonatype's Nexus IQ Server to evaluate against organizational policy.
0 kommentar(er)
