You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/detectors/vcpkg.md
+4Lines changed: 4 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,6 +11,10 @@ The vcpkg detector searches for `vcpkg.spdx.json` files produced by vcpkg during
11
11
Because this detection strategy looks for the concrete files in the installed tree, it will accurately detect the precise packages used
12
12
during this build and exclude packages optionally used on other platforms.
13
13
14
+
## Enhancements
15
+
16
+
The latest versions of `Component Detector (>= v5.2.26)` and `VCPKG (>= 2025.02.14)` resolve issues with Vcpkg detection by linking `vcpkg.spdx.json` files to their originating `vcpkg.json` file. This improvement, enabled through the new `manifest-info.json` introduced in `VCPKG`, ensures accurate dependency tracking and streamlines workflows like vulnerability resolution (e.g., Dependabot).
17
+
14
18
## Known limitations
15
19
16
20
The vcpkg detector does not distinguish between direct dependencies and transitive dependencies. It also does not distinguish
0 commit comments