Open
Labels
bug: Something isn't working
Description
Describe the bug
I am reporting here the effect of an issue that I believe is rather related to the OSS Index itself (see sonatype-nexus-community/ossindex-python#19 for details), to make this visible to jake users and to check whether there are any mitigating actions that can possibly be done in jake itself.
To Reproduce
- Run

      echo "https://repo.anaconda.cloud/repo/main/linux-64/pandas-1.2.5-py39h295c915_0.conda#65bb716eebef11437dd18f0a5902a43b" \
        | jake ddt -t CONDA

- No vulnerabilities reported

      🐍 Collected 1 packages from provided specs ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
      🐍 Successfully queried OSS Index for package and vulnerability info ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
      🐍 Sane number of results from OSS Index ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
      🐍 Munching & crunching data... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00

      Summary
      ┏━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
      ┃ Audited Dependencies ┃ Vulnerabilities Found ┃
      ┡━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
      │ 1                    │ 0                     │
      └──────────────────────┴───────────────────────┘

  despite what is reported at https://ossindex.sonatype.org/component/pkg:conda/pandas@1.2.5 (or using the REST API with pkg:conda/pandas@1.2.5)
Expected behavior
Vulnerabilities that exist in the OSS Index should be reported
Desktop (please complete the following information):
- OS: Red Hat Enterprise Linux 8 (Ootpa)
- Python Version: 3.11.5
- Jake Version: 3.0.1