Description
With the rise in AI, there is more focus on Python dependency management and SCA scanning. Python's dependency management system makes it easy for developers to leave dependencies out of the manifest. This means that almost every SCA tool that relies on a manifest will be wrong. We show how leveraging program analysis techniques one can avoid the pitfalls of these so-called phantom dependencies.