Nexus IQ yum analysis not working

Hello
I followed the Nexus IQ documentation to scan RPM components:
https://help.sonatype.com/iqserver/analysis/yum-package-analysis

When my yum-packages.txt contains:

git.x86_64 2.27.0-1.el8 @ubi-8-appstream-rpms

The latest critical git vulnerabilities are not detected by Nexus IQ.

When my yum-packages.txt contains:

git.x86_64 1.8.2.3-1.el5 @ubi-8-appstream-rpms

This time the latest critical git vulnerabilities are detected by Nexus IQ.

I made the conclusion that Nexus IQ yum analysis is based on ossindex.sonatype.org to operate,
which is a completely outdated repository, only 2 git versions are referenced:

Do you plan to do something?

Eric

Hi @ericth - thanks for your post! We only support RPMs from the EPEL repositories at this time.

I would suggest visiting the Sonatype Ideas portal and submitting an idea - that you would like us to ingest RPMs from repositories other than the EPEL repositories.

You can also encourage others to vote for your idea and track its progress - someone from our team will reach out there if you submit an idea as well.