Hi,
Does Nexus IQ currently support Dependency Tree for Python projects? If not, when do you plan to implement it?
Contrary to a simple requirements.txt file, poetry.lock contains dependency information about transient packages and can be used as a source for the dependency tree feature.
Our use case is the following:
We want to be able to label known, “vetted” packages and fail the report when a non-vetted package is included. We only want to do this for direct dependencies and ignore this on transient dependencies.
For this we want to create a policy which checks:
- If label IS “Vetted”
AND - If Dependency Type is “Direct”
Without having a Dependency Type, all dependencies are listed as Direct and I have no option to implement this.
Best regards,
P
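Added example, not part of the original post and not Nexus IQ functionality: it shows how poetry.lock, read together with pyproject.toml, yields a Direct/Transitive type for every locked package, and how the "vetted, direct dependencies only" check from the post could run over that result. It assumes the classic `[tool.poetry.dependencies]` layout; the sample files, the package name `examplepad` and all function names are constructed for illustration.

```python
import re
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # backport for older interpreters

# Constructed sample inputs; "examplepad" is a made-up package name.
PYPROJECT = '''
[tool.poetry.dependencies]
python = "^3.11"
requests = "^2.31"
examplepad = "^0.1"
'''
LOCK = '''
[[package]]
name = "requests"
version = "2.31.0"
[package.dependencies]
urllib3 = ">=1.21.1,<3"
[[package]]
name = "urllib3"
version = "2.0.7"
[[package]]
name = "examplepad"
version = "0.1.0"
'''

def norm(name):  # PEP 503 normalisation, so "Foo_Bar" and "foo-bar" compare equal
    return re.sub(r"[-_.]+", "-", name).lower()

def dependency_types(pyproject_text, lock_text):
    """Map each locked package to ('Direct'|'Transitive', direct roots that pull it in)."""
    declared = tomllib.loads(pyproject_text)["tool"]["poetry"]["dependencies"]
    direct = {norm(n) for n in declared if norm(n) != "python"}
    edges = {norm(p["name"]): {norm(d) for d in p.get("dependencies", {})}
             for p in tomllib.loads(lock_text)["package"]}
    roots = {name: set() for name in edges}
    for root in direct & edges.keys():
        stack = [root]
        while stack:  # walk the lock file's dependency edges from each direct root
            node = stack.pop()
            if node in edges and root not in roots[node]:
                roots[node].add(root)
                stack.extend(edges[node])
    return {n: ("Direct" if n in direct else "Transitive", sorted(r)) for n, r in roots.items()}

def unvetted_direct(types, vetted):
    """Direct dependencies lacking the 'Vetted' label; transitive ones are ignored."""
    ok = {norm(v) for v in vetted}
    return sorted(n for n, (kind, _) in types.items() if kind == "Direct" and n not in ok)
```

A non-empty result from `unvetted_direct` is the condition on which a CI step would fail the build; the second tuple element records which direct dependency introduced each transitive package.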