Pre processing for golang packages

Sonatype Lifecycle & Repository Firewall
1

Could you please help us with below query.

Package golang.org/x/text : MinIO already uses the version v0.3.3, but is being reported as vulnerability in IQ scan.

Can Sonatype provide some pre-processing for Go components as is done for NPM components by asking the dependency management system which libraries it would pick and grab them for checking as it were.

2 Likes
2

I’ve got this same issue. I’m thinking this is a false positive because we vendor our deps and it’s scanning the go.sum files in our vendor directory.

1 Like