README.md: 8 additions & 0 deletions
@@ -368,6 +368,14 @@ You can tune concurrency and increase the delay to reduce the chance of hitting
Each time a secondary rate limit is hit, the delay between fetching SBOMs is increased by 10%, to provide a way to adaptively respond to that rate limit.
+
## Limitations & future work
+
+
- Only malware advisories are synchronised from the GitHub Advisory Database, by design
+
- future work could allow synchronising from other compatible vulnerability databases to match additional ecosystems to those in the GHADB
+
- Semver matching is used for all ecosystems, which may not work correctly
+
- There is no continuous running mode - it runs as a one-off at the command line
+
- future work could allow running in a Docker container in this manner
+
## 🤝 Contributing
Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to this project.
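Review bot: the bullet "Semver matching is used for all ecosystems, which may not work correctly" is too vague for a limitations section: it should say which ecosystems are affected and what the consequence is. For a tool that matches malware advisories against package versions, comparing with semver rules in an ecosystem whose own version ordering is not semver (PyPI and Maven, for instance) means a listed malicious version can fail to match, which is a missed detection rather than a cosmetic issue. Suggest wording along the lines of "Semver matching is used for all ecosystems; versions in ecosystems that do not use semver may be compared incorrectly, so an advisory's affected range can fail to match a version it should cover", and state what happens to a version string that does not parse as semver. Also, the two "- future work could ..." lines read as continuations of the bullet above each of them; nest them as sub-bullets (or fold them into the parent bullet) so they are not read as separate limitations, and consider giving the new "## Limitations & future work" heading the same emoji prefix the neighbouring "## 🤝 Contributing" heading uses, for consistency with the rest of the README.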