feat: use ghsa to improve matching for cpes #811
Labels
enhancement
New feature or request
Comments
|
I wanted to keep track of this idea when my pr closes its source issue in order to investigate in the future |
|
Yes, so I'm already working on a feature for this internally. It will be configurable to define some hierarchy of namespaces which should be considered authoritative. I'll let you know when I'm ready with it so you can evaluate. |
|
Thanks @westonsteimel! |
|
Amazing! @westonsteimel I skimmed the v4 schema and I'm super excited for it too |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Another thing which might potentially be useful (and should probably be configurable on individual ecosystem matcher level) could be if we find an NVD match and that CVE has a GHSA for another ecosystem (and the eocsystem we're matching for is supported by GitHub) we filter it out. Hopefully that makes sense but if not I can try and explain it better.
Originally posted by @westonsteimel in #390 (comment)
The text was updated successfully, but these errors were encountered: