pdm.lock support for Dependency Scanning


Problem to solve

PDM is a modern Python package and dependency manager supporting the latest PEP standards. It produces pdm.lock files which are not currently supported by Dependency Scanning.

Proposal

Add the ability to parse pdm.lock files to gemnasium-python.

gemnasium-python should parse pdm.lock without running any Python command. As a result, the scan should be scan and compatible with any version of Python. This is similar and related to Handle requirements.txt files produced by pip-c... (#418321 - closed).

Related links

This was brought up in the following comments:

Edited by 🤖 GitLab Bot 🤖