Open Issues: Need Help
AI Summary: This issue proposes adding support for Go modules as a package manager. It involves creating a Go module client, parsing `go.mod` and `go.sum` files, setting up a Go-specific sandbox, and implementing detection rules for Go-specific mechanisms such as cgo and native compilation, module proxies, and build-time code execution.
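As an added example for the `go.mod`/`go.sum` parsing this issue calls for (written for this page, not code from the VIGIL project), the Go program below reads both files, reports every requirement that has no `go.sum` entry for its pinned version, and flags `replace` directives, since a replaced module no longer comes from the path that was required and a directory target is not covered by `go.sum` at all. The module paths, versions and `h1:` values in the sample are constructed, and the `Finding` type and report wording are choices made here:

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Requirement is one module pinned by a go.mod require directive.
type Requirement struct{ Path, Version string }

// ParseGoMod pulls require and replace directives (single-line or block form)
// out of go.mod text and returns the requirements plus a map of replaced
// module path -> replacement target. Every other directive is ignored.
func ParseGoMod(src string) (reqs []Requirement, replaces map[string]string) {
	replaces = map[string]string{}
	add := func(kind string, f []string) { // kind is "require" or "replace"
		if kind == "require" && len(f) >= 2 {
			reqs = append(reqs, Requirement{f[0], f[1]})
		}
		for i, t := range f { // replace forms: "old => new [ver]", "old ver => new [ver]"
			if kind == "replace" && t == "=>" && i >= 1 && i+1 < len(f) {
				replaces[f[0]] = f[i+1]
			}
		}
	}
	block := "" // "require" or "replace" while inside a "( ... )" block
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop any trailing comment
		f := strings.Fields(line)
		switch {
		case len(f) == 0:
		case block != "" && f[0] == ")":
			block = ""
		case block != "":
			add(block, f)
		case (f[0] == "require" || f[0] == "replace") && len(f) == 2 && f[1] == "(":
			block = f[0]
		case f[0] == "require" || f[0] == "replace":
			add(f[0], f[1:])
		}
	}
	return reqs, replaces
}

// ParseGoSum returns the set of "path version" pairs that have an h1 line;
// "path version/go.mod" lines are folded into the same key.
func ParseGoSum(src string) map[string]bool {
	have := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) == 3 && strings.HasPrefix(f[2], "h1:") {
			have[f[0]+" "+strings.TrimSuffix(f[1], "/go.mod")] = true
		}
	}
	return have
}

// Finding is one observation the scanner should surface about the module graph.
type Finding struct{ Module, Reason string }

// CheckModule cross-checks go.mod against go.sum: a replaced requirement is
// reported (its code no longer comes from the declared module, and a directory
// target has no go.sum coverage at all); any other requirement must have a
// go.sum entry for the exact version pinned in go.mod.
func CheckModule(goMod, goSum string) []Finding {
	reqs, replaces := ParseGoMod(goMod)
	have := ParseGoSum(goSum)
	var out []Finding
	for _, r := range reqs {
		key := r.Path + "@" + r.Version
		switch target, replaced := replaces[r.Path]; {
		case replaced && (strings.HasPrefix(target, ".") || strings.HasPrefix(target, "/")):
			out = append(out, Finding{key, "replaced by local path " + target + " (no go.sum coverage)"})
		case replaced:
			out = append(out, Finding{key, "replaced by module " + target})
		case !have[r.Path+" "+r.Version]:
			out = append(out, Finding{key, "no go.sum entry"})
		}
	}
	return out
}

// Constructed sample inputs, not a real project; the h1 values are placeholders.
const sampleGoMod = `module example.com/app
require (
	github.com/foo/bar v1.4.0
	github.com/baz/qux v0.3.1 // indirect
	github.com/old/lib v2.0.0+incompatible
)
require golang.org/x/text v0.14.0
replace github.com/old/lib => ../lib-fork
`
const sampleGoSum = `github.com/foo/bar v1.4.0 h1:AAAA
github.com/foo/bar v1.4.0/go.mod h1:BBBB
github.com/baz/qux v0.3.1/go.mod h1:CCCC
`

func main() {
	for _, f := range CheckModule(sampleGoMod, sampleGoSum) {
		fmt.Printf("%-40s %s\n", f.Module, f.Reason)
	}
}
```

On the sample this reports `github.com/old/lib` (replaced by a local directory) and `golang.org/x/text` (no `go.sum` line at all); the indirect `github.com/baz/qux` passes because a `/go.mod`-only hash is what Go writes for modules that are not needed to build the main module, so the check keys on "path version" regardless of suffix.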
AI Summary: This issue proposes adding support for analyzing Ruby gems from RubyGems.org within the VIGIL tool. It involves creating new client logic, handling the Ruby-specific lockfile (`Gemfile.lock`), developing a sandbox environment, and defining detection rules for Ruby gem installation and code execution.
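As an added example of the lockfile handling this issue asks for (written for this page, not VIGIL code), the Go program below parses `Gemfile.lock` by its indentation rules and then flags every gem that does not come from the public RubyGems index: gems pinned to a git remote and revision, gems loaded from a local path, and gems served by a non-default `remote:`. Those are exactly the entries a RubyGems.org lookup would describe incorrectly or not at all. The gem names, versions, remotes and revision in the sample are constructed, and the `Finding` type and wording are choices made here:

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// GemSpec is one gem pinned in Gemfile.lock: its source section (GEM, GIT or
// PATH), that section's "remote:" and, for GIT sections, its "revision:".
type GemSpec struct{ Name, Version, Source, Remote, Revision string }

// ParseGemfileLock follows the lockfile's indentation: section names at column 0,
// section keys at 2 spaces, gem entries at 4 spaces under "specs:", and each
// gem's own dependency constraints at 6 spaces (not needed here, so skipped).
func ParseGemfileLock(src string) []GemSpec {
	var out []GemSpec
	section, remote, revision, inSpecs := "", "", "", false
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := sc.Text()
		body := strings.TrimSpace(line)
		if body == "" {
			continue
		}
		switch indent := len(line) - len(strings.TrimLeft(line, " ")); {
		case indent == 0: // new section: forget the previous remote/revision
			section, remote, revision, inSpecs = body, "", "", false
		case indent == 2:
			inSpecs = body == "specs:"
			if k, v, ok := strings.Cut(body, ": "); ok && k == "remote" {
				remote = v
			} else if ok && k == "revision" {
				revision = v
			}
		case indent == 4 && inSpecs:
			if name, ver, ok := splitSpec(body); ok {
				out = append(out, GemSpec{name, ver, section, remote, revision})
			}
		}
	}
	return out
}

// splitSpec turns "rack (2.2.8)" into ("rack", "2.2.8").
func splitSpec(s string) (string, string, bool) {
	i := strings.Index(s, " (")
	if i < 0 || !strings.HasSuffix(s, ")") {
		return "", "", false
	}
	return s[:i], s[i+2 : len(s)-1], true
}

// Finding flags a gem whose bytes do not come from the public RubyGems index.
type Finding struct{ Gem, Reason string }

const rubygemsRemote = "https://rubygems.org/"

// CheckGemSources reports git-, path- and private-index-sourced gems, for which
// a rubygems.org lookup would describe a different artifact or nothing at all.
func CheckGemSources(lock string) []Finding {
	var out []Finding
	for _, g := range ParseGemfileLock(lock) {
		switch {
		case g.Source == "GIT":
			out = append(out, Finding{g.Name, "git " + g.Remote + " @ " + g.Revision})
		case g.Source == "PATH":
			out = append(out, Finding{g.Name, "local path " + g.Remote})
		case g.Source == "GEM" && g.Remote != rubygemsRemote:
			out = append(out, Finding{g.Name, "non-default gem source " + g.Remote})
		}
	}
	return out
}

// Constructed sample lockfile; the gem names, versions and revision are made up.
const sampleLock = `GIT
  remote: https://github.com/example/private-gem.git
  revision: 9fceb02d0ae598e95dc970b74767f19372d61af8
  specs:
    private-gem (0.4.2)
      rack (>= 2.0)

GEM
  remote: https://rubygems.org/
  specs:
    rack (2.2.8)

GEM
  remote: https://gems.internal.example/
  specs:
    internal-auth (3.1.0)
`

func main() {
	for _, f := range CheckGemSources(sampleLock) {
		fmt.Printf("%-16s %s\n", f.Gem, f.Reason)
	}
}
```

Resetting `remote` and `revision` on every column-0 header matters: a lockfile can carry several `GEM` sections, one per source, and without the reset a private remote would leak onto the gems of the next section.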
AI Summary: This issue requests an update to the project's README file. Specifically, it needs to document the newly added `--parallel N` flag, which was introduced in a previous pull request. This documentation should be added to the section detailing scan options.
AI Summary: This issue requests the addition of a new command-line interface (CLI) test to verify the functionality of the `--no-color` flag. The test should execute a command with this flag and assert that the output does not contain any ANSI escape codes, ensuring colored output is correctly disabled.
AI Summary: This issue requests the addition of unit tests for the `internal/colorutil` package. The goal is to improve test coverage by writing tests for several specific functions within this package, including `ColorizeSeverity`, `ColorizeRiskLevel`, `PrintRiskLevel`, `ColorizePackageRisk`, and `ApplyNoColor`.
AI Summary: This issue proposes adding color coding to the command-line interface (CLI) output. The goal is to visually distinguish different severity levels (CRITICAL, HIGH, MEDIUM, LOW) with corresponding colors (red, orange, yellow, green) to improve readability and quick scanning of results.
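The three color-related issues above (severity colors, unit tests for `internal/colorutil`, and the `--no-color` CLI test) share one requirement: a single switch that turns color off, and a way to prove in a test that it is off. The Go code below is an added example written for this page, not VIGIL's `colorutil` package; `ColorizeSeverity` is the one name taken from the issues, while the `Colorizer` type, `NewColorizer`, `ContainsANSI` and `StripANSI` are mine, and the 256-color index used for orange is an assumption:

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

// ANSI SGR codes for the four severities. The 16-color palette has no orange,
// so HIGH uses 256-color index 208 (an assumption made for this example).
const (
	ansiReset  = "\x1b[0m"
	ansiRed    = "\x1b[31m"
	ansiOrange = "\x1b[38;5;208m"
	ansiYellow = "\x1b[33m"
	ansiGreen  = "\x1b[32m"
)

// Colorizer carries the single switch every coloring function consults, so
// --no-color, the NO_COLOR environment variable and any future non-TTY check
// all disable color in one place.
type Colorizer struct{ NoColor bool }

// NewColorizer honors an explicit --no-color flag first, then the NO_COLOR
// convention (https://no-color.org): any non-empty value disables color.
func NewColorizer(noColorFlag bool) Colorizer {
	return Colorizer{NoColor: noColorFlag || os.Getenv("NO_COLOR") != ""}
}

// ColorizeSeverity wraps a severity label in its color. Unknown labels come
// back unchanged, so a new level never yields a dangling escape sequence.
func (c Colorizer) ColorizeSeverity(sev string) string {
	if c.NoColor {
		return sev
	}
	switch strings.ToUpper(sev) {
	case "CRITICAL":
		return ansiRed + sev + ansiReset
	case "HIGH":
		return ansiOrange + sev + ansiReset
	case "MEDIUM":
		return ansiYellow + sev + ansiReset
	case "LOW":
		return ansiGreen + sev + ansiReset
	}
	return sev
}

// ansiRE matches any CSI sequence (ESC, "[", parameter bytes, intermediate
// bytes, final byte), which covers every SGR color code above. A --no-color
// CLI test can run the binary and assert !ContainsANSI(stdout).
var ansiRE = regexp.MustCompile(`\x1b\[[0-9;?]*[ -/]*[@-~]`)

// ContainsANSI reports whether s carries an escape sequence.
func ContainsANSI(s string) bool { return ansiRE.MatchString(s) }

// StripANSI removes escape sequences, so colored and plain output can be
// compared for equality in tests.
func StripANSI(s string) string { return ansiRE.ReplaceAllString(s, "") }

func main() {
	for _, c := range []Colorizer{{NoColor: false}, {NoColor: true}} {
		line := c.ColorizeSeverity("HIGH") + " left-pad@1.3.0 runs a postinstall script" // constructed finding
		fmt.Printf("noColor=%-5v ansi=%-5v %q\n", c.NoColor, ContainsANSI(line), line)
	}
}
```

Testing against a regex over the whole output, rather than for the absence of one known code, is what makes the `--no-color` test meaningful: it catches a stray reset or a color added later in some other code path, not just the four codes the test author remembered.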
AI Summary: This issue proposes adding a new command-line flag, `--fail-above`, to the VIGIL tool. The flag takes a risk score threshold; if any package's risk score exceeds it, VIGIL exits with a non-zero status. This lets CI/CD pipelines gate on the exit code instead of parsing JSON output.
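An added example (not VIGIL code) of how the `--fail-above` gate can be structured so that a CI job needs only the exit status: the threshold is parsed and validated, "exceeds" is taken as strictly greater than, and a bad flag value gets a different exit code from a real hit. The 0-100 score range, the `PackageRisk` type, the exit code values and the sample results are assumptions made for this example:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"sort"
	"strconv"
)

// PackageRisk is the per-package result a scan produces. The 0-100 score range
// is an assumption for this example, not a documented VIGIL scale.
type PackageRisk struct {
	Name  string
	Score float64
}

// Distinct exit codes let a pipeline tell "a package tripped the threshold"
// from "the flag was mistyped", which a single non-zero value cannot.
const (
	ExitOK        = 0
	ExitThreshold = 1
	ExitUsage     = 2
)

// ParseFailAbove validates the flag value; an empty string means gating is off.
func ParseFailAbove(v string) (float64, bool, error) {
	if v == "" {
		return 0, false, nil
	}
	f, err := strconv.ParseFloat(v, 64)
	if err != nil || f < 0 || f > 100 {
		return 0, false, errors.New("--fail-above must be a number between 0 and 100")
	}
	return f, true, nil
}

// Gate returns the packages whose score is strictly greater than threshold,
// highest first: "exceeds" means 70.0 passes --fail-above 70 and 70.1 fails.
func Gate(results []PackageRisk, threshold float64) []PackageRisk {
	var hits []PackageRisk
	for _, r := range results {
		if r.Score > threshold {
			hits = append(hits, r)
		}
	}
	sort.Slice(hits, func(i, j int) bool { return hits[i].Score > hits[j].Score })
	return hits
}

// Run mirrors the CLI path: validate the flag, gate the results, print the
// offenders to stderr and return the process exit code.
func Run(failAbove string, results []PackageRisk) int {
	threshold, enabled, err := ParseFailAbove(failAbove)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		return ExitUsage
	}
	if !enabled {
		return ExitOK
	}
	hits := Gate(results, threshold)
	for _, h := range hits {
		fmt.Fprintf(os.Stderr, "FAIL %-16s risk %.1f exceeds --fail-above %.1f\n", h.Name, h.Score, threshold)
	}
	if len(hits) > 0 {
		return ExitThreshold
	}
	return ExitOK
}

func main() {
	// Constructed sample results, not real scan output.
	results := []PackageRisk{{"left-pad", 12}, {"event-stream", 91.5}, {"colors", 70}}
	os.Exit(Run("70", results))
}
```

With the offenders written to stderr and the verdict in the exit status, a pipeline step can fail on the status alone while the log still names the package that tripped it; keeping usage errors on a separate code means a mistyped threshold is not reported as a real finding.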
AI Summary: This issue requests the addition of comprehensive unit and integration tests for several core components of the project, including the rule engine, risk scoring, analyzer, and resolver, as well as the CLI output. The lack of existing test coverage is highlighted as a critical blocker for accepting external contributions.