Comments (3)
@christophetd I'm going to close this issue since my intention is to inject this part of the CI/CD pipeline and not necessarily have it part of the development environment. Feel free to reopen if ever this needs to be addressed. Thank you for your team's work as well!
Thanks for reporting! We're using `pkg_resources.parse_requirements` so I would definitely expect this to work
https://github.com/DataDog/guarddog/blob/main/guarddog/scanners/package_scanner.py#L151
Ah! Without too much detail, it seems like the issue might be with the guarddog package given that it's pulled from github...
- add guarddog in `requirements.in`
- `pip-compile` results in
  ```
  ...
  guarddog @ git+https://github.com/DataDog/guarddog.git
      # via -r requirements.in
  ...
  ```
- returns 404

If I remove `guarddog` dependency line from `requirements.txt`, everything works as expected
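Added example, not part of the thread or GuardDog's own code: a stdlib-only pre-filter that separates index-resolved pins from direct references such as the `guarddog @ git+https://...` line, so a CI step can hand only the former to a registry-based scanner and review the latter separately. It assumes, as the comment above suggests but does not confirm, that the direct-reference line is what produces the 404; `split_requirements`, `logical_lines` and all sample lines other than the guarddog one are hypothetical.

```python
import re

# Constructed sample modelled on the pip-compile output quoted in the comment
# above; every line except the guarddog one is invented for illustration.
SAMPLE = """\
# autogenerated by pip-compile
guarddog @ git+https://github.com/DataDog/guarddog.git
    # via -r requirements.in
requests==2.31.0 \\
    --hash=sha256:0000
-e git+https://example.invalid/repo.git#egg=localpkg
--index-url https://pypi.org/simple
"""

# PEP 508 direct reference: "name[extras] @ url"
DIRECT = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*@\s*(\S+)")
# Bare URL requirement, e.g. "git+https://..." or "https://.../x.whl"
BARE_URL = re.compile(r"^[a-z][a-z0-9+.-]*://\S+", re.I)


def logical_lines(text):
    """Yield lines with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        buf, line = "", (buf + line).strip()
        if line:
            yield line


def split_requirements(text):
    """Return (index_pins, direct_refs, options) for a requirements file."""
    index_pins, direct_refs, options = [], [], []
    for line in logical_lines(text):
        if line.startswith(("-e ", "--editable ")):
            line = line.split(None, 1)[1]      # editable installs point at a URL or path
        elif line.startswith("-"):
            options.append(line)               # -r, --index-url, ... are not packages
            continue
        m = DIRECT.match(line)
        if m:
            direct_refs.append((m.group(1), m.group(2)))
        elif BARE_URL.match(line) or line.startswith((".", "/")):
            egg = re.search(r"#egg=([^&\s]+)", line)
            direct_refs.append((egg.group(1) if egg else None, line))
        else:
            index_pins.append(line.split(" --", 1)[0].strip())  # drop --hash etc.
    return index_pins, direct_refs, options
```

Direct references bypass the package index, so their source (repository URL and, ideally, a pinned commit) needs its own review rather than a registry metadata lookup.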