
base repository: anchore/grype
base: v0.79.5
head repository: anchore/grype
compare: v0.79.6
  • 3 commits
  • 6 files changed
  • 3 contributors

Commits on Aug 12, 2024

  1. doc: Updates for the Slack to Discourse migration (#2046)

    Signed-off-by: Alan Pope <alan@popey.com>
    popey authored Aug 12, 2024

    4ec46b5 View commit details
  2. chore: remove quality gate Makefile db age check (#2036)

    Signed-off-by: Keith Zantow <kzantow@gmail.com>
    kzantow authored Aug 12, 2024

    b12a6f2 View commit details
  3. do not fail when inflating DB records (#2049)

    Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
    wagoodman authored Aug 12, 2024

    89c4190 View commit details
6 changes: 3 additions & 3 deletions .github/ISSUE_TEMPLATE/config.yml
@@ -1,6 +1,6 @@
contact_links:

- name: Join the Slack community 💬
# link to our community Slack registration page
url: https://anchore.com/slack
- name: Join our Discourse community 💬
# link to our community Discourse site
url: https://anchore.com/discourse
about: 'Come chat with us! Ask for help, join our software development efforts, or just give us feedback!'
2 changes: 1 addition & 1 deletion README.md
@@ -8,7 +8,7 @@
[![GitHub release](https://img.shields.io/github/release/anchore/grype.svg)](https://github.com/anchore/grype/releases/latest)
[![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/anchore/grype.svg)](https://github.com/anchore/grype)
[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/anchore/grype/blob/main/LICENSE)
[![Slack Invite](https://img.shields.io/badge/Slack-Join-blue?logo=slack)](https://anchore.com/slack)
[![Join our Discourse](https://img.shields.io/badge/Discourse-Join-blue?logo=discourse)](https://anchore.com/discourse)
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/anchore/grype/badge)](https://scorecard.dev/viewer/?uri=github.com/anchore/grype)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6708/badge)](https://www.bestpractices.dev/projects/6708)

12 changes: 8 additions & 4 deletions grype/db/vulnerability_provider.go
@@ -52,7 +52,8 @@ func (pr *VulnerabilityProvider) Get(id, namespace string) ([]vulnerability.Vuln
for _, vuln := range vulns {
vulnObj, err := vulnerability.NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q): %w", vuln.Namespace, vuln.ID, err)
log.WithFields("namespace", vuln.Namespace, "id", vuln.ID).Errorf("failed to inflate vulnerability record: %v", err)
continue
}

results = append(results, *vulnObj)
@@ -87,7 +88,8 @@ func (pr *VulnerabilityProvider) GetByDistro(d *distro.Distro, p pkg.Package) ([
for _, vuln := range allPkgVulns {
vulnObj, err := vulnerability.NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q distro=%q): %w", vuln.Namespace, vuln.ID, d, err)
log.WithFields("namespace", vuln.Namespace, "id", vuln.ID).Errorf("failed to inflate vulnerability record (by distro): %v", err)
continue
}

vulnerabilities = append(vulnerabilities, *vulnObj)
@@ -121,7 +123,8 @@ func (pr *VulnerabilityProvider) GetByLanguage(l syftPkg.Language, p pkg.Package
for _, vuln := range allPkgVulns {
vulnObj, err := vulnerability.NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q language=%q): %w", vuln.Namespace, vuln.ID, l, err)
log.WithFields("namespace", vuln.Namespace, "id", vuln.ID).Errorf("failed to inflate vulnerability record (by language): %v", err)
continue
}

vulnerabilities = append(vulnerabilities, *vulnObj)
@@ -169,7 +172,8 @@ func (pr *VulnerabilityProvider) GetByCPE(requestCPE cpe.CPE) ([]vulnerability.V
if len(candidateMatchCpes) > 0 {
vulnObj, err := vulnerability.NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to inflate vulnerability record (namespace=%q id=%q cpe=%q): %w", vuln.Namespace, vuln.ID, requestCPE.Attributes.BindToFmtString(), err)
log.WithFields("namespace", vuln.Namespace, "id", vuln.ID, "cpe", requestCPE.Attributes.BindToFmtString()).Errorf("failed to inflate vulnerability record (by CPE): %v", err)
continue
}

vulnObj.CPEs = candidateMatchCpes
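Review bot: The log lines added in the GetByDistro and GetByLanguage hunks drop the distro and language context that the removed fmt.Errorf carried, while the GetByCPE hunk keeps the cpe as a field; now that a record that fails to inflate is only logged and never reaches the caller, that log line is the sole place such a record can be diagnosed. Suggest `log.WithFields("namespace", vuln.Namespace, "id", vuln.ID, "distro", d).Errorf("failed to inflate vulnerability record (by distro): %v", err)` and the same shape with `"language", l` in the language hunk. The skip also changes each getter's contract: a corrupt DB record now silently shrinks the result set instead of failing the scan, so an empty result is indistinguishable from dropped findings; a doc comment on the four methods stating that un-inflatable records are skipped and logged, and ideally a count of skipped records surfaced to the caller, would make that visible. All four enclosing functions start and end outside their hunks.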
23 changes: 21 additions & 2 deletions grype/db/vulnerability_provider_mocks_test.go
@@ -31,6 +31,14 @@ func (d *mockStore) stub() {
ID: "CVE-2013-fake-2",
VersionFormat: "deb",
},
// poison the well! this is not a valid entry, but we want the matching process to survive and find other good results...
{
PackageName: "neutron",
Namespace: "debian:distro:debian:8",
VersionConstraint: "< 70.3.0-rc0", // intentionally bad value
ID: "CVE-2014-fake-3",
VersionFormat: "apk",
},
},
}
d.data["nvd:cpe"] = map[string][]grypeDB.Vulnerability{
@@ -62,7 +70,7 @@ func (d *mockStore) stub() {
ID: "CVE-2014-fake-5",
VersionFormat: "unknown",
CPEs: []string{
"cpe:2.3:*:couldntgetthisrightcouldyou:activerecord:4.0.1:*:*:*:*:*:*:*",
"cpe:2.3:*:couldntgetthisrightcouldyou:activerecord:4.0.1:*:*:*:*:*:*:*", // shouldn't match on this
},
},
{
@@ -72,7 +80,18 @@ func (d *mockStore) stub() {
ID: "CVE-2014-fake-6",
VersionFormat: "unknown",
CPEs: []string{
"cpe:2.3:*:awesome:awesome:*:*:*:*:*:*:*:*",
"cpe:2.3:*:awesome:awesome:*:*:*:*:*:*:*:*", // shouldn't match on this
},
},
// poison the well! this is not a valid entry, but we want the matching process to survive and find other good results...
{
PackageName: "activerecord",
Namespace: "nvd:cpe",
VersionConstraint: "< 70.3.0-rc0", // intentionally bad value
ID: "CVE-2014-fake-7",
VersionFormat: "apk",
CPEs: []string{
"cpe:2.3:*:activerecord:activerecord:*:*:*:*:*:rails:*:*",
},
},
},
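Review bot: The two poisoned entries rely on `VersionConstraint: "< 70.3.0-rc0"` with `VersionFormat: "apk"` failing to parse, but the `// intentionally bad value` comment does not say what makes it invalid, so if the apk version parser ever accepts that string these fixtures silently become ordinary (matching or non-matching) records and the survival test loses its meaning. Suggest stating the reason on the comment, e.g. `// intentionally bad value: not a valid apk version, so NewVulnerability must fail for this record`, adjusting to whatever the parser actually rejects. The enclosing stub method starts and ends outside these hunks.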
5 changes: 5 additions & 0 deletions grype/db/vulnerability_provider_test.go
@@ -198,4 +198,9 @@ func Test_Get(t *testing.T) {
t.Errorf("diff: %+v", d)
}
}

// prove we survive a bad request
actual, err = provider.Get("CVE-2014-fake-3", "debian:distro:debian:8")
require.NoError(t, err)
assert.Empty(t, actual)
}
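Review bot: The comment `// prove we survive a bad request` misdescribes the case: the request itself is well-formed, it is the DB record CVE-2014-fake-3 that cannot be inflated, so `// prove we survive a bad (un-inflatable) DB record in the store` is what the assertions actually check. The new assertions show the bad record yields an empty result without an error, but not that good records in the same debian:distro:debian:8 namespace are still returned next to it; the earlier cases of Test_Get (outside this hunk) presumably cover that only if they query that namespace, which is worth confirming. Only Get is exercised here while GetByDistro, GetByLanguage and GetByCPE changed in the same commit; the CVE-2014-fake-7 fixture suggests other tests cover those paths, but none is visible on this page.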
9 changes: 1 addition & 8 deletions test/quality/Makefile
@@ -11,7 +11,6 @@ RESULT_SET = pr_vs_latest_via_sbom
TEST_DB_URL_FILE = ./test-db-url
TEST_DB_URL = $(shell cat $(TEST_DB_URL_FILE))
TEST_DB = db.tar.gz
LISTING_FILE = https://toolbox-data.anchore.io/grype/databases/listing.json

# formatting variables
BOLD := $(shell tput -T linux bold)
@@ -34,15 +33,9 @@ validate: venv $(VULNERABILITY_LABELS)/Makefile ## Run all quality checks agains
capture: sboms vulns ## Collect and store all syft and grype results

.PHONY: capture
vulns: venv $(TEST_DB) check-db ## Collect and store all grype results
vulns: venv $(TEST_DB) ## Collect and store all grype results
$(YARDSTICK) -v result capture -r $(RESULT_SET)

.PHONY: check-db
check-db:
@echo "Looking for test DB within the hosted listing file (which prunes DBs older that 90 days or the last 90 objects)"
@curl -sSL $(LISTING_FILE) | jq '.available[][] | select(.url == "$(TEST_DB_URL)") ' --exit-status || (echo "$(RED)DB is too stale to be used for testing. Please re-pin with a more up-to-date version.$(RESET)" && false)
@echo "DB is fresh enough to be used for testing!"

$(TEST_DB):
@curl -o $(TEST_DB) -SsL $(TEST_DB_URL)
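Review bot: With the check-db target gone, nothing in the quality gate signals that the DB pinned in TEST_DB_URL_FILE has aged, so the remaining knowledge that the pin must be refreshed by hand should live next to the variable, e.g. `# pinned test DB; no staleness check is run here, re-pin manually when results drift`. The removed recipe was the only visible user of $(RED) and $(RESET); if they are defined in the formatting variables block above they may now be unused, which is worth a quick check. The deleted LISTING_FILE line leaves no reference to the hosted listing in this Makefile, which is consistent with the removal.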