Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove erroneous Java CPEs from generation #1918

Merged
merged 1 commit into from
Jul 6, 2023
Merged

Remove erroneous Java CPEs from generation #1918

merged 1 commit into from
Jul 6, 2023

Conversation

luhring
Copy link
Contributor

@luhring luhring commented Jul 6, 2023

Per discussion w/ @wagoodman: filter out CPEs known to be incorrect, specifically as CPEs that match non-Maven components to Maven vulnerabilities.

Also adds one case for counting a "Gradle Enterprise" plugin as Gradle Enterprise itself.

@luhring
Remove erroneous Java CPEs from generation
f480011 
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
@luhring
Copy link
Contributor Author

luhring commented Jul 6, 2023

Linking to anchore/grype#1179 since this will solve a decent portion of the false positives reported there

wagoodman
wagoodman approved these changes Jul 6, 2023
View reviewed changes
Copy link
Contributor

@wagoodman wagoodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the fix!

@wagoodman wagoodman merged commit 81d8019 into anchore:main Jul 6, 2023
9 checks passed
@luhring luhring deleted the maven-false-positives branch July 6, 2023 21:30
spiffcs added a commit that referenced this pull request Jul 11, 2023
@spiffcs
Merge branch 'main' into 1899-deprecated-license-variant
f96dcac 
* main:
  feat: CLI flag for directory base (#1867)
  Fix CPE gen for k8s python client (#1921)
  chore: update iterations to protect against race (#1927)
  chore(deps): update bootstrap tools to latest versions (#1922)
  fix: Don't use the actual redis or grpc CPEs for gems (#1926)
  fix(install): return with right error code (#1915)
  Remove erroneous Java CPEs from generation (#1918)
  chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916)
  Switch UI to bubbletea (#1888)
  fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link (#1884)
  add file source digest support (#1914)
  chore(deps): update bootstrap tools to latest versions (#1908)
  chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912)
  chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913)
  doc(readme): add installation section with scoop (#1909)
  Refactor source API (#1846)
  chore(deps): update bootstrap tools to latest versions (#1905)
@spiffcs spiffcs added the enhancement New feature or request label Jul 12, 2023
This was referenced Jul 12, 2023
Open
Closed
Merged
Closed
Open
Closed
Open
Closed
This was referenced Jul 28, 2023
Closed
Closed
Closed
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@luhring
Remove erroneous Java CPEs from generation (anchore#1918)
db24997 
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@luhring @wagoodman @spiffcs