vulnerable code uses svn to check git tags

[tardyp]

Following code is using github svn adapter to check for git tags:

https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/package_managers.py#L389

This solution do not work when importer is behind a proxy.
Couldn't we just use the github api or parse the info/refs api?

[Hritik14]

This solution do not work when importer is behind a proxy

You will have to configure svn to use proxy. Try this or this

Couldn't we just use the github api or parse the info/refs api

We decided to go the svn way to avoid requiring github tokens or making too many requests to GitHub.

[tardyp]

Now that the GH_TOKEN is more or less mandatory, I think we should revise this solution. ( I have proposed a solution in the associated PR)

Having to configure svn in order to run this tool in an enterprise environment looks very unintuitive.

Usually the proxy are configured with the variables https_proxy/http_proxy.

If the tool is using svn as an implementation detail and https_proxy is configured, then it should take the responsibility of configuring the svn tool properly.