Sign in or sign up before continuing. Don't have an account yet? Register now to get started.

Static reachability offline support

Problem description

Currently Static Reachability requires an internet connection because the SCA-to-sarif-matcher download the pypi-metadata.

Proposal and Implementation plan

Integrate SCA-to-sarif-matcher in the DS analyzer code.
Add pypi-metadata as part of the DS analyzer image
~~Add a release job that can run on a scheduled pipeline once per week to rebuild the image and update the latest release. We want to do that in order have the most up-to-date pypi-metadata.~~
Update template
Update DS component
Update SCA-to-sarif-matcher documentation that is moved in DS
Update public facing docs

Edited Jun 02, 2025 by Nick Ilieskou