forked from intel/cve-bin-tool
Changes #6
Merged
Sort CPE summary by product instead of vendor; this is especially useful for products with multiple vendors (e.g. dnsmasq). Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
#3522) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@fde92ac...7bbfa03) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Joydeep <bntripathy123@gmail.com> Co-authored-by: Terri Oda <terri@toybox.ca>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 2.22.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@74483a3...689fdc5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix: create new version comparison function We had been using packaging's version parsing tools, but as they move more towards pep440 compliance they aren't as useful for comparing arbitrary versions that may not follow the same scheme. This moves us to our own function. It may need some further tweaking for special cases such as release candidates or dev versions. Signed-off-by: Terri Oda <terri.oda@intel.com>
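The commit above describes moving away from packaging's PEP 440 parser to a home-grown comparison function for arbitrary version strings. The block below is an added illustration written for this page, not cve-bin-tool's own function: it shows one way such a comparator can be built (tokenize into numeric and alphabetic runs, compare numerics as integers so that 2.0 sorts before 10.0, and treat an alphabetic suffix such as rc1 as a pre-release). The ordering rules and the names compare_versions and _tokenize are assumptions of this example.

```python
import re
from functools import cmp_to_key

# Constructed example (not cve-bin-tool's own code): a comparator for
# arbitrary version strings that need not follow PEP 440.
_TOKEN = re.compile(r"\d+|[A-Za-z]+")


def _tokenize(version: str) -> list[str]:
    """Split '1.2.3rc1' into ['1', '2', '3', 'rc', '1']; separators are ignored."""
    return _TOKEN.findall(version)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b.

    Rules chosen for this example (an assumption, not the project's):
      * numeric parts compare as integers, not as strings (9 < 10);
      * alphabetic parts compare case-insensitively;
      * a number always ranks above a letter at the same position, so
        1.2rc1 < 1.2.1;
      * extra trailing numeric components make a version newer (1.2 < 1.2.1)
        unless they are all zero (1.2 == 1.2.0); extra alphabetic components
        make it older (1.2rc1 < 1.2).
    """
    ta, tb = _tokenize(a), _tokenize(b)
    for x, y in zip(ta, tb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xd != yd:
            # numeric beats alphabetic at the same position
            return 1 if xd else -1
        elif x.lower() != y.lower():
            return -1 if x.lower() < y.lower() else 1

    # All shared positions are equal; decide on the leftover components.
    if len(ta) == len(tb):
        return 0
    longer_is_a = len(ta) > len(tb)
    extra = ta[len(tb):] if longer_is_a else tb[len(ta):]
    sign = 1 if longer_is_a else -1  # result if the longer version is newer
    if all(t.isdigit() and int(t) == 0 for t in extra):
        return 0  # 1.2 == 1.2.0
    return sign if extra[0].isdigit() else -sign


def sort_versions(versions: list[str]) -> list[str]:
    """Sort a list of version strings oldest-first using compare_versions."""
    return sorted(versions, key=cmp_to_key(compare_versions))


if __name__ == "__main__":
    # Constructed sample input showing where plain string comparison goes wrong.
    print(sort_versions(["1.10", "1.9", "1.2rc1", "1.2", "2.0", "10.0"]))
```

The comparator deliberately has no notion of "dev" or "post" releases; as the commit message notes, those special cases need further handling in any real implementation.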
Improve gdb pattern to handle openwrt gdb binaries Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
…#3534) Bumps [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/conda-incubator/setup-miniconda/releases) - [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md) - [Commits](conda-incubator/setup-miniconda@3b0f250...9f54435) --- updated-dependencies: - dependency-name: conda-incubator/setup-miniconda dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.6.0 to 2.6.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@1b05615...eb238b5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
#3546) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@7bbfa03...01bc870) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#3549) Bumps [conda-incubator/setup-miniconda](https://github.com/conda-incubator/setup-miniconda) from 2.3.0 to 3.0.1. - [Release notes](https://github.com/conda-incubator/setup-miniconda/releases) - [Changelog](https://github.com/conda-incubator/setup-miniconda/blob/main/CHANGELOG.md) - [Commits](conda-incubator/setup-miniconda@9f54435...11b5629) --- updated-dependencies: - dependency-name: conda-incubator/setup-miniconda dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…uction (#3555) with that construct, the second line was never executed
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Co-authored-by: GitHub <noreply@github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
gnu:rsync is a CPE ID without any CVEs so drop it: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-3492/GNU-Rsync.html Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
netatalk_project:netatalk is a CPE ID without any CVEs so drop it: https://www.cvedetails.com/vulnerability-list/vendor_id-20887/product_id-61360/Netatalk-Project-Netatalk.html Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Co-authored-by: GitHub <noreply@github.com>
* fixes #3637 - Replaced 'tagvalue' by 'tag' as it was not supported by '--sbom-format' argument. - Added an argument '.' after 'sbom.spdx' to specify directory for scanning.
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
* ci: fix sbom test skipping logic This code was causing more tests to be skipped than intended because of a bad string compare. * fix: pre-commit 3.6.0 was a lie * test: disable failing test & add docstrings --------- Signed-off-by: Terri Oda <terri.oda@intel.com>
Co-authored-by: GitHub <noreply@github.com>
In the contribution guide for running the [local copy of cve-bin-tool](https://github.com/intel/cve-bin-tool/blob/main/CONTRIBUTING.md#running-your-local-copy-of-cve-binary-tool), the mentioned cmd for installing the tool works when a user is not in a virtual env. When present in a virtual env, the --user flag isn't needed. This PR attempts to clearly mention the cmds for both the cases.
detailed option was added by commit 4f3538e with the following description: "display detailed report" which is a bit cryptic so replace it by "add CVE description in csv or json report (no effect on console, html or pdf)". Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
Enable metrics if epss-percentile or epss-probability is set by the user. This commit also fixes the following broken logic, which allowed negative epss values: if float(args["epss_percentile"]) > 0 or float(args["epss_percentile"]) < 100: replaced by: if float(args["epss_percentile"]) >= 0 and float(args["epss_percentile"]) <= 100: Tentative fix for #3625 Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
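The commit above replaces an `or` with an `and` in the EPSS percentile range check. The block below is an added example for this page, not cve-bin-tool's own code: it puts the original predicate beside the corrected one so the failure is visible (every real number is either greater than 0 or less than 100, so the original condition accepted -5 and 150 alike), and wraps the corrected check in a small validator for a user-supplied string. The function names and the sample inputs are constructed for the example.

```python
import math

# Constructed example (not cve-bin-tool's own code) contrasting the broken
# and the corrected EPSS percentile range check.


def broken_epss_in_range(value) -> bool:
    """The original predicate: `x > 0 or x < 100`.

    This is a tautology for every finite float (only NaN fails both halves),
    so negative and over-100 values pass validation.
    """
    v = float(value)
    return v > 0 or v < 100


def epss_in_range(value) -> bool:
    """The corrected predicate: `0 <= x <= 100` (both bounds inclusive)."""
    v = float(value)
    return 0 <= v <= 100


def parse_epss_percentile(raw: str) -> float:
    """Validate a user-supplied percentile string and return it as a float.

    Rejects non-numeric input, NaN/inf, and values outside 0..100 so that a
    bad command-line argument fails loudly instead of silently enabling a
    filter that never matches (or matches everything).
    """
    try:
        v = float(raw)
    except ValueError:
        raise ValueError(f"EPSS percentile is not a number: {raw!r}") from None
    if not math.isfinite(v):
        raise ValueError(f"EPSS percentile must be finite: {raw!r}")
    if not epss_in_range(v):
        raise ValueError(f"EPSS percentile must be between 0 and 100: {raw!r}")
    return v


def compare_checks(samples: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each sample to (broken_result, fixed_result) for side-by-side review."""
    return {s: (broken_epss_in_range(s), epss_in_range(s)) for s in samples}


if __name__ == "__main__":
    # Constructed inputs: two out-of-range, three in-range (including both bounds).
    for sample, (old, new) in compare_checks(["-5", "0", "42.5", "100", "150"]).items():
        print(f"{sample:>6}: original check -> {old}, corrected check -> {new}")
```

Only the corrected predicate distinguishes -5 and 150 from the valid values; the original accepts all five.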
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
* test: temporarily disable failing tests Temporary measure so CI will stay clean while we work on fixing the tests mentioned in #3653 Signed-off-by: Terri Oda <terri.oda@intel.com>
fixes: #3626 Co-authored-by: Terri Oda <terri.oda@intel.com>
Co-authored-by: Terri Oda <terri.oda@intel.com>
Co-authored-by: Terri Oda <terri.oda@intel.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: GitHub <noreply@github.com>
* chore: update pre-commit config * fix: pre-commit 3.6.0 needs python > 3.8 --------- Co-authored-by: GitHub <noreply@github.com> Co-authored-by: Terri Oda <terri.oda@intel.com>
I have updated the options list in README.md by adding the missing options which I got from cve-bin-tool --help. Also I have added the links to the MANUAL file for the options which were present in the MANUAL file. A few of the options were not present in the MANUAL file, so I couldn't add the links for those options. fixes #3652
No description provided.