pdm.lock support for Dependency Scanning
Problem to solve
PDM is "A modern Python package and dependency manager supporting the latest PEP standards". It produces pdm.lock files which are not currently supported by Dependency Scanning.
Proposal
Add the ability to parse pdm.lock files to gemnasium-python.
gemnasium-python should parse pdm.lock without running any Python command.
As a result, the scan should be compatible with any version of Python.
This is similar and related to Handle requirements.txt files produced by pip-c... (#418321).
Related links
This was brought up in the following comments:
Edited by Fabien Catteau
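A sketch of the static parsing proposed above, added here as an example and not gemnasium-python's own code: it reads pdm.lock purely as text, so no Python interpreter or pdm command is involved. The names `Dep` and `ParseLock` are hypothetical, the sample input is constructed, and the layout (one `[[package]]` table per dependency with `name` and `version` keys) is an assumption about the lock file format.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

type Dep struct{ Name, Version string } // one locked package

// ParseLock treats pdm.lock as data only and never executes or imports anything.
// Assumed layout: [[package]] tables with top-level name = "..." and version = "..." keys.
func ParseLock(text string) ([]Dep, error) {
	var deps []Dep
	inPkg := false
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") { // every table header ends the previous table
			if inPkg = line == "[[package]]"; inPkg {
				deps = append(deps, Dep{})
			}
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if key = strings.TrimSpace(key); !inPkg || !ok || (key != "name" && key != "version") {
			continue // other tables, other keys, array items such as file hashes
		}
		s, err := strconv.Unquote(strings.TrimSpace(val))
		if err != nil { // fail closed on anything that is not a plain quoted string
			return nil, fmt.Errorf("bad %s value %q: %v", key, val, err)
		}
		if d := &deps[len(deps)-1]; key == "name" {
			d.Name = s
		} else {
			d.Version = s
		}
	}
	for _, d := range deps { // a package without name or version cannot be matched
		if d.Name == "" || d.Version == "" {
			return nil, fmt.Errorf("incomplete [[package]] table: %+v", d)
		}
	}
	return deps, sc.Err()
}

func main() { // constructed sample, not taken from a real project
	fmt.Println(ParseLock("[[package]]\nname = \"certifi\"\nversion = \"2023.7.22\"\n"))
}
```

A production parser would use a full TOML library; this line scanner rejects values it cannot read as a double-quoted string instead of guessing, so a malformed lock file produces an error, not a silently shorter dependency list.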