This repository has been archived by the owner on Sep 18, 2023. It is now read-only.

Create a purl to cpe enrichment provider #164

Closed
qtpeters opened this issue Aug 14, 2023 · 0 comments · Fixed by #165
qtpeters commented Aug 14, 2023

Target Audience

SBOM Harbor users

What’s the Value

Using the purl(s) included in each SBOM to derive the associated cpe(s) will allow SBOM Harbor to extract vulnerability information directly from NVD and allow the Harbor Team to develop an NVD vulnerability enrichment source.

Details

A CPE ID will only exist for dependencies that have a corresponding CPE ID in the NVD.

Definition of Done

This ticket is finished when:

  • A task exists to update the existing SBOM metadata in DocumentDB with the CPE ID(s) associated with the existing purl(s).
  • That task is running on schedule.
  • CPEs are queryable from the SDL, when they exist.
@qtpeters qtpeters self-assigned this Aug 14, 2023
@qtpeters qtpeters linked a pull request Aug 14, 2023 that will close this issue
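
A sketch of the purl-to-CPE step this ticket asks for, as an added example; it is not code from the issue or from SBOM Harbor. `SAMPLE_CPE_INDEX` is a constructed stand-in for the NVD CPE dictionary and the function names are hypothetical; a purl with no entry yields `None`, matching the note under Details.

```python
from urllib.parse import unquote

# Constructed sample rows standing in for the NVD CPE dictionary (assumption):
# (purl type, namespace, name) -> (CPE vendor, CPE product)
SAMPLE_CPE_INDEX = {
    ("maven", "org.apache.logging.log4j", "log4j-core"): ("apache", "log4j"),
    ("pypi", None, "django"): ("djangoproject", "django"),
}

def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into parts."""
    scheme, _, rest = purl.partition(":")
    if scheme != "pkg" or not rest:
        raise ValueError(f"not a purl: {purl!r}")
    # Qualifiers and subpath do not take part in CPE matching; drop them.
    rest = rest.split("#", 1)[0].split("?", 1)[0].strip("/")
    path, sep, version = rest.rpartition("@")
    if not sep or "/" in version:  # no version, or a raw '@' in the namespace
        path, version = rest, ""
    segments = [unquote(s) for s in path.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    ptype, name = segments[0].lower(), segments[-1]
    namespace = "/".join(segments[1:-1]) or None
    if ptype == "pypi":  # purl spec: PyPI names are lowercased, '_' becomes '-'
        name = name.lower().replace("_", "-")
    return ptype, namespace, name, unquote(version) or None

def cpe_escape(value):
    """Quote characters that are special in a CPE 2.3 formatted string."""
    return "".join(
        c if (c.isascii() and c.isalnum()) or c in "._-" else "\\" + c
        for c in value.lower()
    )

def purl_to_cpe(purl, index=SAMPLE_CPE_INDEX):
    """Return a CPE 2.3 string for the purl, or None when the index has no match."""
    ptype, namespace, name, version = parse_purl(purl)
    hit = index.get((ptype, namespace, name))
    if hit is None:
        return None  # dependency has no corresponding CPE; nothing to enrich
    vendor, product = hit
    ver = cpe_escape(version) if version else "*"
    return f"cpe:2.3:a:{vendor}:{product}:{ver}:*:*:*:*:*:*:*"
```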