Description
Is your feature request related to a problem? Please describe.
Almost all open source tools out there use one file for all their configuration needs, as their source of truth.
The FOSSA CLI has for some legacy reason opted to use both the file .fossa.yml and fossa-deps.yml for its needs. This is suboptimal as discoverability for developers is harder, i.e. to get a full picture of the inputs used by the FOSSA CLI when scanning.
Describe the solution you'd like
Merge them.
Example:
version: 3
server: https://internal.somecompany.com/
project:
  id: some-project
targets:
  only:
    - type: npm
      path: ./
remote-dependencies:
  - name: Node.js
    version: 18.17.1
    url: https://nodejs.org/dist/v18.17.1/node-v18.17.1-linux-x64.tar.gz
    metadata:
      description: Node.js is an open-source, cross-platform JavaScript runtime environment.
      homepage: https://nodejs.org/
This would simplify the setup for everyone and keep one source of truth. This does not need to be a breaking change in case .fossa.yaml is updated to support all top-level keys that exist in fossa-deps.yml. Deprecate fossa-deps.yml and remove support completely in a future release.