Hi, I'm hoping someone can offer some guidance here. We have Sonatype Nexus 3 Repository Manager (OSS version).
We have the public PyPI repos proxied in such a way that we have a "production" repo and a "staging" repo. The thinking was that requests to add new packages to the "production" repo would first be added to "staging" so we can let the package scanner run and inform the decision as to whether we should allow it, all in order to help give us better visibility and mitigate the risk in our supply chain.
Now, where this falls down is that we can obviously see how many issues were found, but for the life of me I can't find a way to view which individual packages are responsible for that issue.
Is there any way at all to see it? Or is the only answer to pay for Nexus Firewall?
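The staging/production split described in the post can at least be inventoried per component, independently of the scanner report, through the Nexus 3 REST API: `GET /service/rest/v1/components?repository=<name>` lists the components of one repository and pages its results with a `continuationToken`. The script below is an added example (not the poster's setup and not Sonatype's code); the base URL, the repository names and the sample responses are assumptions and constructed data. It builds a name/version inventory of the staging and production repositories and prints what is sitting in staging but has not been promoted, which is the list a reviewer would want to walk through against the scanner's issue count.

```python
"""Inventory a Nexus 3 repository via the components REST endpoint and diff
staging against production.  Added example: the base URL, repository names
and sample pages are assumptions, not values from the original post."""
import io
import json
import urllib.parse
import urllib.request

NEXUS_URL = "https://nexus.example.internal"   # assumption: your Nexus base URL
STAGING_REPO = "pypi-staging"                  # assumption: staging proxy repo name
PRODUCTION_REPO = "pypi-production"            # assumption: production proxy repo name


def fetch_pages(base_url, repository, opener=urllib.request.urlopen):
    """Yield every page of the components listing for one repository,
    following continuationToken until the server returns none."""
    token = None
    while True:
        params = {"repository": repository}
        if token:
            params["continuationToken"] = token
        url = f"{base_url}/service/rest/v1/components?{urllib.parse.urlencode(params)}"
        request = urllib.request.Request(url, headers={"Accept": "application/json"})
        with opener(request) as response:
            page = json.load(response)
        yield page
        token = page.get("continuationToken")
        if not token:
            return


def inventory(pages):
    """Collapse listing pages into {package name: set of versions}."""
    result = {}
    for page in pages:
        for item in page.get("items", []):
            result.setdefault(item["name"], set()).add(item["version"])
    return result


def pending_promotion(staging, production):
    """Sorted (name, version) pairs present in staging but absent from production."""
    return sorted(
        (name, version)
        for name, versions in staging.items()
        for version in versions
        if version not in production.get(name, set())
    )


# Constructed sample responses in the shape the endpoint returns (two pages
# for staging to exercise pagination, one page for production).
SAMPLE_STAGING_PAGES = [
    {"items": [
        {"name": "requests", "version": "2.31.0", "format": "pypi", "repository": STAGING_REPO},
        {"name": "urllib3", "version": "2.2.1", "format": "pypi", "repository": STAGING_REPO},
    ], "continuationToken": "constructed-token-1"},
    {"items": [
        {"name": "leftpad-helper", "version": "0.0.1", "format": "pypi", "repository": STAGING_REPO},
    ], "continuationToken": None},
]
SAMPLE_PRODUCTION_PAGES = [
    {"items": [
        {"name": "requests", "version": "2.31.0", "format": "pypi", "repository": PRODUCTION_REPO},
    ], "continuationToken": None},
]


def offline_opener(request):
    """Stand-in for urllib.request.urlopen that serves the constructed pages,
    so the pagination loop can be exercised without a live Nexus instance."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(request.full_url).query)
    repo = query["repository"][0]
    pages = SAMPLE_STAGING_PAGES if repo == STAGING_REPO else SAMPLE_PRODUCTION_PAGES
    index = 1 if query.get("continuationToken") else 0
    return io.BytesIO(json.dumps(pages[index]).encode())


def staging_backlog(opener=offline_opener):
    """Inventory both repositories through the paging client and return the
    (name, version) pairs still waiting in staging."""
    staging = inventory(fetch_pages(NEXUS_URL, STAGING_REPO, opener=opener))
    production = inventory(fetch_pages(NEXUS_URL, PRODUCTION_REPO, opener=opener))
    return pending_promotion(staging, production)


if __name__ == "__main__":
    # Drop the opener argument (or pass one that adds your credentials) to run
    # against a real instance instead of the constructed pages.
    for name, version in staging_backlog():
        print(f"{name}=={version} is in staging only")
```

Against a live server, authentication is whatever your opener adds (for example a basic-auth `Authorization` header on the request); the listing endpoint only reports what is stored in each repository, so the backlog it prints is the set of candidates to review, not a verdict on any of them.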