Support for Go module pseudo-versions #6534
Unanswered
metalmatze
asked this question in
Q&A
Replies: 1 comment 3 replies
-
The only way is to ask for Major version suffixes to be attached to that module. If I understand correctly, it's mandatory.
|
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Question
We depend on some Go modules that don't follow the sub-path conventions. Meaning, they don't release with a
/v2
suffix, for example. Therefore, we have to use pseudo-versions of these Go modules...This causes Trivy to complain:
The version we actually depend on is
3705207f0190
, which in turn is https://github.com/dexidp/dex/releases/tag/v2.39.1We are wondering how to move forward with this. Anything you recommend?
Target
Filesystem
Scanner
Vulnerability
Output Format
Table
Mode
Standalone
Operating System
Arch Linux and GitHub Actions
Version
Beta Was this translation helpful? Give feedback.
All reactions