State of Golang analyzer?

62 views
Skip to first unread message

Spyros G

unread,
Jul 5, 2020, 10:37:13 AM7/5/20
to Jeremy Long, Dependency Check
Hi Jeremy and community, 
Since I didn't find anything relevant looking through open issues and PRs on github I thought I'd ask here.
I am trying to use the Golang analyzer for go.mod files. Is there any documentation on what is missing for the Golang analyzer to be stable?
From a quick look there is a couple things that could be slightly improved but it's not anything critical, so I was wondering what is the blocker for it being beta or stable.

Kind regards,
Spyros

Jeremy Long

unread,
Jul 21, 2020, 5:59:15 AM7/21/20
to Dependency Check
It is generally the amount of testing the core team has had to review the results of the analyzer and the number of tickets opened up against the analyzer. If we've done enough testing and the number of tickets is low to non-existent then we remove the expiremental tag.  The main purpose of the experimental tag is to let people know that their may be higher false positive/false negative rates.

--jeremy
Reply all
Reply to author
Forward
0 new messages