PNPM analyses

[ivanmjartan]

Hello guys I am trying to run fossa scan on our public repository and I am preforming scan only on top of pnpm-lock.yaml file. We are using RUSH as monorep tool.

So I have setting in my repo .fosss.yml

Problem is that part of my monorepo is also tooling library and tooling dependency occurred in attribution file.

Is there way how to exclude some packages from scan if I am performing scan only on top of pnpm lock file ?

for example in my lock file is this tool package https://github.com/gooddata/gooddata-ui-sdk/blob/master/common/config/rush/pnpm-lock.yaml#L5893C3-L5893C22

How can I set it into .fossa.yml

this part of code is not working and scan contain still all dep from pnpm-lock.yaml

version: 3
project:
  id: gooddata-ui-sdk

telemetry:
  scope: 'off'

targets:
  only:
    - type: pnpm
      path: common/config/rush
  exclude:
    - type: bundler
      path: ../../tools/applink # or tools/applink etc ...

Thanks very much for hints

[github-actions]

Thank you @ivanmjartan for creating this issue. If this is in regards to a defect, product question or feature request: you should use our support portal at https://support.fossa.com to file a request, as you would receive more immediate support.