
Include information about CVE patches in CycloneDX output #102

Merged (1 commit), Dec 27, 2023

Conversation

raboof
Contributor

@raboof raboof commented Dec 23, 2023

No description provided.

@henrirosten
Collaborator

@raboof : thanks for the PR.
Let me know if/when you want a review on this change.

@raboof raboof force-pushed the include-CVE-patches-in-CycloneDX branch from c5b2ce3 to 01dac52 Compare December 26, 2023 11:22
@raboof
Contributor Author

raboof commented Dec 26, 2023

@raboof : thanks for the PR. Let me know if/when you want a review on this change.

I think it's ready for a review now.

I didn't add any explicit test, but I did check that the existing test that generates an SBOM for hello also contains dependencies that have security patches, and that test still succeeds (indicating the generated sections conform to the schema).

Collaborator

@henrirosten henrirosten left a comment


Thanks for this PR, see the below comments.
Also, can you add a short description to this PR explaining why this change is needed?

src/sbomnix/sbomdb.py: 3 review comments (outdated, resolved)
@raboof raboof force-pushed the include-CVE-patches-in-CycloneDX branch from 01dac52 to e50cd12 Compare December 26, 2023 15:07
This is helpful when the SBOM is used in vulnerability scanner
software down the line, so it is more easily obvious that these
CVEs have already been patched in this case.

Signed-off-by: Arnout Engelen <arnout@bzzt.net>
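The commit message's rationale, shown as an added example that is not part of this PR or of sbomnix: constructed patch file names are encoded as a CycloneDX component.pedigree.patches entry, and a downstream consumer uses that entry to separate CVEs the package already carries a patch for from findings that are still open. The pedigree layout follows the CycloneDX schema; how sbomnix itself maps patches into the SBOM is not shown on this page, so that mapping is an assumption.

```python
import re

# Constructed sample input: patch file names as a derivation might carry them.
# Not taken from sbomnix or from any real package.
SAMPLE_PATCHES = [
    "CVE-2023-0001.patch",
    "fix-cve-2023-0002-and-CVE-2023-0003.patch",
    "reproducible-build.patch",  # no CVE id: not a security patch
]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def cves_in_patch_name(name):
    """Return the CVE ids in a patch file name, upper-cased, in order, without duplicates."""
    found = []
    for match in CVE_RE.findall(name):
        cve = match.upper()
        if cve not in found:
            found.append(cve)
    return found


def pedigree_for_patches(patch_names):
    """Build a CycloneDX pedigree object: one patches[] entry per CVE-resolving patch."""
    patches = []
    for name in patch_names:
        cves = cves_in_patch_name(name)
        if cves:  # patches with no CVE reference are not recorded as resolving anything
            patches.append({
                "type": "backport",
                "resolves": [{"type": "security", "id": cve} for cve in cves],
            })
    return {"patches": patches}


def build_component(name, version, patch_names):
    """Assemble a minimal CycloneDX component carrying the pedigree (version is constructed)."""
    return {"type": "library", "name": name, "version": version,
            "pedigree": pedigree_for_patches(patch_names)}


def resolved_cves(component):
    """Consumer side: collect the CVE ids a component declares as resolved by its patches."""
    ids = set()
    for patch in component.get("pedigree", {}).get("patches", []):
        for issue in patch.get("resolves", []):
            if issue.get("type") == "security" and issue.get("id"):
                ids.add(issue["id"].upper())
    return ids


def triage_findings(component, findings):
    """Split a scanner's CVE findings into (still open, already patched per the SBOM)."""
    patched = resolved_cves(component)
    return ([f for f in findings if f.upper() not in patched],
            [f for f in findings if f.upper() in patched])
```

A scanner that does not read pedigree.patches will still report every finding, so the "already patched" list is only as good as the consumer's support for this field.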
@raboof raboof force-pushed the include-CVE-patches-in-CycloneDX branch from e50cd12 to 323fac4 Compare December 26, 2023 15:12
@raboof raboof requested a review from henrirosten December 26, 2023 15:13
@henrirosten henrirosten merged commit 31f17d1 into tiiuae:main Dec 27, 2023
3 checks passed
@henrirosten
Collaborator

Thanks, merged.
