by hp 2818 days ago
It's analogous to something like Code Climate, Coveralls, TravisCI, etc. Some companies require an on-premise version or want to run the scan themselves and only call an "upload my dependencies as JSON" API, which is fine. The scan is only to get the list of deps and their versions; it doesn't care about the actual source code.