Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add related vulnerabilities entries for GHSA id's coming from OS entries #199

Open
westonsteimel opened this issue Nov 15, 2023 · 0 comments
Open

add related vulnerabilities entries for GHSA id's coming from OS entries #199

westonsteimel opened this issue Nov 15, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@westonsteimel
Copy link
Contributor

westonsteimel commented Nov 15, 2023
edited

What would you like to be added:

grype-db should set related vulnerabilities for GHSA entries that come from OS providers. Currently this only occurs for CVE identifiers.

Why is this needed:

The wolfi and chainguard providers can emit GHSA- identifiers from the secfixes feeds and currently there won't be a relationship set back to the corresponding identifier in the github namespaces.

This will likely end up requiring that the github provider data should be populated prior to executing the subsequent providers. I believe we already do this for nvd
@westonsteimel westonsteimel added the enhancement New feature or request label Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@westonsteimel