internal/private npm packages #3569
Unanswered
habsfanongit asked this question in Q&A
Replies: 0 comments
Hi,
Thanks to all the contributors for the great tools.
I have a monorepo with private repos named (@repo/tools, @services/api). When I upload the SBOM, these packages are reported as VMware tools with vulnerabilities, when they have no relationship to any VMware functionality. I also noticed a library in Express.js being reported as a Rust vulnerability.
Is there a recommended naming convention to avoid this type of false positive?
bom(1).json
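One thing worth checking before changing any naming convention is how the scoped packages are actually encoded in the uploaded SBOM. The script below is an added example, not code from the poster or from the project that owns this discussion; it assumes a CycloneDX JSON SBOM (the `SAMPLE_BOM` inside it is constructed and is not the poster's `bom(1).json`), and it works on the assumption that a private scoped package recorded without its scope leaves only a bare name such as `tools` or `api` to be compared against vulnerability data, which is one plausible way a generic name could collide with an unrelated product. It parses each npm purl, checks that the scope survives as the percent-encoded purl namespace (`pkg:npm/%40repo/tools@1.0.0`), and reports components whose scope was dropped or disagrees with the `group` field, together with the purl they should carry.

```python
import json
import re
from urllib.parse import quote, unquote

# Constructed sample CycloneDX JSON (not the poster's bom(1).json).
# The second component deliberately drops its @services scope from both
# "group" and the purl, which is the defect the audit below looks for.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "@repo", "name": "tools", "version": "1.0.0",
         "purl": "pkg:npm/%40repo/tools@1.0.0"},
        {"type": "library", "name": "api", "version": "2.1.0",
         "purl": "pkg:npm/api@2.1.0"},
        {"type": "library", "name": "express", "version": "4.18.2",
         "purl": "pkg:npm/express@4.18.2"},
    ],
})

# pkg:npm/<namespace>/<name>@<version>; for scoped packages the namespace is
# the percent-encoded scope ("%40repo"), which is how the purl spec writes it.
NPM_PURL = re.compile(
    r"^pkg:npm/(?:(?P<namespace>[^/@]+)/)?(?P<name>[^/@?#]+)(?:@(?P<version>[^?#]+))?"
)


def parse_npm_purl(purl):
    """Split an npm purl into decoded namespace (scope), name and version.
    Returns None when the string is not an npm purl."""
    m = NPM_PURL.match(purl or "")
    if not m:
        return None
    ns = m.group("namespace")
    return {
        "namespace": unquote(ns) if ns else None,
        "name": unquote(m.group("name")),
        "version": m.group("version"),
    }


def expected_npm_purl(scoped_name, version):
    """Build the purl a package should carry, with the scope percent-encoded
    as the namespace: "@repo/tools", "1.0.0" -> pkg:npm/%40repo/tools@1.0.0."""
    if "/" in scoped_name:
        scope, name = scoped_name.split("/", 1)
        return f"pkg:npm/{quote(scope, safe='')}/{quote(name, safe='')}@{version}"
    return f"pkg:npm/{quote(scoped_name, safe='')}@{version}"


def audit_private_scopes(bom_json, private_packages):
    """Flag npm components that belong to one of the given private scoped
    packages but are recorded without their scope, or whose purl namespace
    disagrees with the component's "group". Each finding carries the purl
    the component should have had."""
    bom = json.loads(bom_json)
    # Map the unscoped part ("api") back to the private package ("@services/api").
    bare_to_scoped = {p.split("/", 1)[1]: p for p in private_packages if "/" in p}
    findings = []
    for comp in bom.get("components", []):
        parsed = parse_npm_purl(comp.get("purl"))
        if parsed is None:
            continue
        group = comp.get("group")
        version = comp.get("version", "")
        if group and parsed["namespace"] != group:
            findings.append({
                "name": comp["name"],
                "reason": f"purl namespace {parsed['namespace']!r} does not match group {group!r}",
                "suggested_purl": expected_npm_purl(f"{group}/{comp['name']}", version),
            })
        elif not group and parsed["namespace"] is None and parsed["name"] in bare_to_scoped:
            findings.append({
                "name": comp["name"],
                "reason": f"scope missing; bare name {parsed['name']!r} is ambiguous with public packages",
                "suggested_purl": expected_npm_purl(bare_to_scoped[parsed["name"]], version),
            })
    return findings


if __name__ == "__main__":
    for f in audit_private_scopes(SAMPLE_BOM, {"@repo/tools", "@services/api"}):
        print(f"{f['name']}: {f['reason']} -> {f['suggested_purl']}")
```

Run against a real SBOM by replacing `SAMPLE_BOM` with the file contents and `private_packages` with the monorepo's own scoped names; a component that shows up in the findings is one whose identity the scanner sees only as a bare name, and fixing the generator's purl output is a smaller change than renaming packages.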