From b3af9421d9360ca967665875284e211e8cae7841 Mon Sep 17 00:00:00 2001 From: Jeffry Hesse Date: Tue, 26 Nov 2019 14:26:27 -0900 Subject: [PATCH] feat: Added R capability --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6ac5f1c7..0e601879 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Scan your libraries against either the free [OSS Index](https://ossindex.sonatyp ## Features -* Scan npm, Maven, RubyGems, Go or PyPi projects (Go is only supported on Linux or OS/X) +* Scan npm, Maven, RubyGems, Go, R (see known quirks) or PyPi projects (Go is only supported on Linux or OS/X) * See all components with vulnerable components highlighted ### Sonatype Nexus IQ Scan @@ -50,6 +50,7 @@ We try and use other tooling whenever possible, to avoid reinventing the wheel ( * R support depends on R being available, and your project needs a `.Rbuildignore` file otherwise we cannot determine it's an R project * This extension also runs an R script to get your installed packages (currently the best way we know of to do this), the way we get these can be seen at `scripts/installed.r` in our GitHub repo + * The way the R script runs, it finds all of the packages you've installed in the R environment, so not just for your project. This is because there is really no way to query for project specific packages, and appears to be a limitation of R. * Projects with both RubyGems and NPM (Gemfile.lock, and package.json), or similar * This extension currently picks one format, and scans for it. We haven't built a path to scan multiple project types, but that would be lovely. PRs welcome :)