Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the CPE generation for spring-security-core #1789

Merged
merged 2 commits into from
May 5, 2023
Merged

Update the CPE generation for spring-security-core #1789

merged 2 commits into from
May 5, 2023

Conversation

joshbressers
Copy link
Contributor

This commit update the CPE generation to include vmware:spring_security in the CPE name which is what NVD uses for spring security vulnerabilities such as https://nvd.nist.gov/vuln/detail/CVE-2023-20862

@joshbressers
Update the CPE generation for spring-security-core
c43c877 
Signed-off-by: Josh Bressers <josh@bress.net>
spiffcs
spiffcs reviewed May 5, 2023
View reviewed changes
syft/pkg/cataloger/common/cpe/generate_test.go
Type: pkg.JavaPkg,
},
expected: []string{"spring-security-core", "spring_security", "spring_security_core"},
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw in the above additional vendors is also using vmware.

Do we want to add a case here under TestCandidateVendor to cover spring-security-core as well?

@joshbressers
Add vendor test for spring-security
4865a10 
Signed-off-by: Josh Bressers <josh@bress.net>
@spiffcs spiffcs enabled auto-merge (squash) May 5, 2023 15:36
@spiffcs spiffcs merged commit 0f1aed4 into anchore:main May 5, 2023
@willmurphyscode willmurphyscode added the enhancement New feature or request label May 5, 2023
spiffcs pushed a commit that referenced this pull request May 10, 2023
@joshbressers @spiffcs
Update the CPE generation for spring-security-core (#1789)
2d8648b 
* Update the CPE generation for spring-security-core
* Add vendor test for spring-security

Signed-off-by: Josh Bressers <josh@bress.net>

---------

Signed-off-by: Josh Bressers <josh@bress.net>
spiffcs added a commit that referenced this pull request May 10, 2023
@spiffcs
Merge branch 'main' into 1577-license-revamp
213d9a9 
* main:
  fix: Reduce log spam on unknown relationship type (#1797)
  chore(deps): update bootstrap tools to latest versions (#1807)
  chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802)
  chore(deps): bump github.com/docker/docker (#1795)
  chore(deps): bump github.com/google/go-containerregistry (#1796)
  chore(deps): update bootstrap tools to latest versions (#1792)
  Print package list when extra packages found (#1791)
  chore(deps): update bootstrap tools to latest versions (#1786)
  chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787)
  Update the CPE generation for spring-security-core (#1789)
  chore: do not HTML escape PackageURLs (#1782)
  chore: do not include kernel module cataloger by default (#1784)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@joshbressers
Update the CPE generation for spring-security-core (anchore#1789)
ad6b3f3 
* Update the CPE generation for spring-security-core
* Add vendor test for spring-security

Signed-off-by: Josh Bressers <josh@bress.net>

---------

Signed-off-by: Josh Bressers <josh@bress.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joshbressers @spiffcs @willmurphyscode