[FEEDBACK] The new Dependency Scanning Analyzer

With our transition to the SBOM-based dependency scanning feature, we provide a new Dependency Scanning analyzer as a replacement for the previous Gemnasium analyzer. It offers the following benefits:

  • Increased language support. The deprecated Gemnasium analyzers are constrained to a small subset of Python and Java versions.
  • Increased performance. Depending on the application, builds invoked by the Gemnasium analyzers can last almost an hour and duplicate effort already spent building the project.
  • Smaller attack surface. To support their build capabilities, the Gemnasium analyzers are preloaded with a variety of dependencies. The new dependency-scanning analyzer removes many of these dependencies, resulting in a smaller and more secure footprint.
  • Simpler configuration. The deprecated Gemnasium analyzers frequently require the configuration of proxies, CA certificate bundles, and various other utilities to function correctly. The new solution removes many of these requirements.

This feature is currently in Beta. To ensure quality as the feature progresses towards GA, we'd like to collect user feedback.

🎗️ How to give feedback

  1. Check existing feedback & known issues: Before submitting, check whether your feedback is already captured in the linked items or known issues, or has been reported by someone else in one of the threads. If so, comment on the existing thread or leave an emoji reaction to show support.
  2. Start a new thread: If your feedback is not listed, start a new thread with a descriptive title. Include relevant details, screenshots, and steps to reproduce the issue in expandable sections.
  3. Be Specific: Provide as much detail as possible, including device/browser information, steps to reproduce, and expected vs. actual outcomes.

🤝 What you can expect from us

  1. We will read all of your feedback.
  2. We may not respond to all feedback directly.
  3. We will create issues for repeatable bugs and assign a priority based on severity.

Known issues

Edited by Oscar Tovar