Pre processing for golang packages

Could you please help us with below query.

Package : MinIO already uses the version v0.3.3, but is being reported as vulnerability in IQ scan.

Can Sonatype provide some pre-processing for Go components as is done for NPM components by asking the dependency management system which libraries it would pick and grab them for checking as it were.


I’ve got this same issue. I’m thinking this is a false positive because we vendor our deps and it’s scanning the go.sum files in our vendor directory.

1 Like