Doc: vulns database vs private packagist monitoring #60

Open
pierreboissinot opened this issue Mar 3, 2021 · 2 comments
@pierreboissinot

I started using Snyk on a project using npm and composer.

There is no documentation explaining which resources are fetched to search vulns from composer.lock.

For example, Private Packagist offers security monitoring, and for the same composer.lock, Snyk doesn't find any vuln but Packagist does.

Is it possible to have a post like for NPM dependencies? https://support.snyk.io/hc/en-us/articles/360010452717-Snyk-Vs-NPM-Audit

I work at a company which develops web apps on top of the Symfony framework (PHP), and we want to be sure that Snyk reports are at least as reliable as Private Packagist.

Thanks.

@lili2311
Contributor

Hi @pierreboissinot, I've passed your request along to the relevant team and will let you know once I have an update.

@lili2311
Contributor

@pierreboissinot I have raised this as a feature request with the team. We will be in touch if there is any news to share on this.

@lili2311 lili2311 self-assigned this Jun 29, 2021