[BUG] poetry toml files are not handled properly #753

Closed
ArnaudLacroix opened this issue Jun 3, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@ArnaudLacroix

Describe the bug

When scanning a Python project using poetry for dependency management, the pyproject.toml file is not scanned, therefore no packages are detected.

Expected behavior

pyproject.toml and poetry.lock files should be scanned when the scan is triggered from the CLI.
This is already the case when the scan is done manually from the Checkmarx UI.

Actual behavior

Poetry files are not scanned, which means no Python dependency is detected.

Steps to reproduce

  1. Pick a Python project using poetry
  2. Run a scan using the CLI
  3. Run a manual scan from Checkmarx UI with a zip of the same project
  4. Compare the SCA results: there will be no package detected in the scan report from the CLI
@ArnaudLacroix ArnaudLacroix added the bug Something isn't working label Jun 3, 2024
@tamarleviCm
Contributor

This is strange, this is not the defined behavior
Check if you are using flags:
--file-include / -i
--file-filter / -f

@ArnaudLacroix
Author

Hi,
This bug was fixed in mid-June, by #760
