scikit-learn-intelex - Test CVE-Bin-Tool for C/C++ repos (even if no binaries are released) #189

Open
rozhukov opened this issue Dec 23, 2024 · 1 comment
@rozhukov
Collaborator

Need to evaluate https://github.com/intel/cve-bin-tool as a Software Composition Analysis (SCA) scanner for C/C++ repos (even if no binaries are released) to:

  • Understand dependencies (SBOM)
  • Figure out CVEs

This is needed because Dependabot currently doesn't identify C/C++ dependencies.

@napetrov
Collaborator

Seems that no other UXL projects have it enabled; should we request it from everyone and not limit it to scikit and oneCK? @rozhukov @rodburns @aahrun
