Track Status / Support Life Cycle of packages (supported/unsupported/abandoned/...) #4476
Open
Labels: enhancement (New feature or request)
Current Behavior
Status / Support Life Cycle of packages is not tracked by Dependency Track.
Proposed Behavior
Some package repositories provide information about packages that are abandoned (Composer). Other repositories might also provide information about whether packages are supported or unsupported.
It would be good if these could be tracked by Dependency Track, for example to add risk scores or flags to packages that are abandoned.
Some examples from Composer / Packagist:
https://packagist.org/p2/laminas/laminas-text.json
"abandoned": true
https://packagist.org/p2/laminas/laminas-mail.json
"abandoned": "symfony/mailer"
symfony-mailer is suggested as replacement for the abandoned laminas-mail.
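The two shapes of the `abandoned` field quoted in the issue (a boolean, or a string naming the replacement) can be normalised into one status record. This is an added example, not code from the issue or from Dependency-Track. It assumes the metadata document has the shape `{"packages": {name: [version entries]}}` with the flag on the first entry; `SupportStatus`, `support_status` and `finding` are hypothetical names, and the sample documents are constructed.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample documents (trimmed; version strings are placeholders),
# mirroring the two "abandoned" values quoted in the issue.
SAMPLE_TEXT = json.loads(
    '{"packages": {"laminas/laminas-text": [{"version": "0.0.0-sample", "abandoned": true}]}}')
SAMPLE_MAIL = json.loads(
    '{"packages": {"laminas/laminas-mail": [{"version": "0.0.0-sample", "abandoned": "symfony/mailer"}]}}')
SAMPLE_LIVE = json.loads(
    '{"packages": {"example/maintained": [{"version": "0.0.0-sample"}]}}')


@dataclass(frozen=True)
class SupportStatus:
    package: str
    abandoned: bool
    replacement: Optional[str]  # package suggested by the maintainer, if any


def support_status(package: str, metadata: dict) -> SupportStatus:
    """Normalise the 'abandoned' field (bool or replacement name) for one package."""
    entries = (metadata.get("packages") or {}).get(package)
    if not entries:
        raise ValueError(f"no version entries for {package}")
    raw = entries[0].get("abandoned", False)  # missing key means not abandoned
    if isinstance(raw, bool):
        return SupportStatus(package, raw, None)
    if isinstance(raw, str) and raw.strip():
        return SupportStatus(package, True, raw.strip())
    # Any other type is rejected rather than silently read as "supported".
    raise ValueError(f"unexpected 'abandoned' value for {package}: {raw!r}")


def finding(status: SupportStatus) -> Optional[str]:
    """Return a human-readable flag for abandoned packages, None otherwise."""
    if not status.abandoned:
        return None
    if status.replacement:
        return f"{status.package} is abandoned; suggested replacement: {status.replacement}"
    return f"{status.package} is abandoned; no replacement suggested"


if __name__ == "__main__":
    for name, doc in [("laminas/laminas-text", SAMPLE_TEXT),
                      ("laminas/laminas-mail", SAMPLE_MAIL),
                      ("example/maintained", SAMPLE_LIVE)]:
        print(finding(support_status(name, doc)) or f"{name}: no lifecycle flag")
```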