Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conflict when a package is both direct and transitive #833

Open
kennylam91 opened this issue Dec 13, 2024 · 0 comments
Open

Conflict when a package is both direct and transitive #833

kennylam91 opened this issue Dec 13, 2024 · 0 comments
Assignees
Labels
accepted We are working on this and hope to release it into the product

Comments

@kennylam91
Copy link

When I use sbom-tool v3 to scan a simple python project with requirements.txt containing:

Flask
Flask-MySQL

the relationship graph looks like this:
Image

I expect Flask as a direct package, but actually it's also a dependency of Flask-MySQL. With this relationship graph, we can't detect the correct direct components.

@JoseRenan JoseRenan added the needs triage Default status upon issue submission label Dec 16, 2024
@jalkire jalkire added accepted We are working on this and hope to release it into the product and removed needs triage Default status upon issue submission labels Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
accepted We are working on this and hope to release it into the product
Projects
None yet
Development

No branches or pull requests

3 participants