-
Notifications
You must be signed in to change notification settings - Fork 587
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: disable CPE-based matching for GHSA ecosystems by default #1412
Merged
wagoodman
merged 3 commits into
main
from
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
Oct 12, 2023
Merged
feat: disable CPE-based matching for GHSA ecosystems by default #1412
wagoodman
merged 3 commits into
main
from
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
Oct 12, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
4 times, most recently
from
August 4, 2023 15:47
c35f935
to
288021a
Compare
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
7 times, most recently
from
August 18, 2023 19:48
dd2da98
to
61c6c61
Compare
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
6 times, most recently
from
August 21, 2023 18:36
0ceb397
to
0e973a0
Compare
Added blocked for now so that we investigate the quality gate a bit more to see why this is passing when we expect a failure given the number of false negatives |
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
4 times, most recently
from
September 13, 2023 09:41
859ab71
to
c54f2b5
Compare
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
4 times, most recently
from
September 25, 2023 13:50
c04ff06
to
005b0eb
Compare
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
from
September 29, 2023 07:29
005b0eb
to
5925a17
Compare
wagoodman
approved these changes
Sep 29, 2023
Disables CPE-based matching for ecosystems which are covered by GitHub Security Advisories. Also adds a separate rust matcher and related configuration to allow configuring CPE-based matching off for it while still leaving it on for the stock matcher. Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
westonsteimel
force-pushed
the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
from
October 11, 2023 08:43
5925a17
to
2440dd3
Compare
wagoodman
deleted the
disable-cpe-matching-by-default-for-ghsa-covered-ecosystems
branch
October 12, 2023 13:07
spiffcs
added a commit
that referenced
this pull request
Oct 19, 2023
* main: (137 commits) chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#1564) Add --ignore-states flag for ignoring findings with specific fix states (#1473) feat: update go-sarif library to use latest release (#1563) bump clio to get stderr reporting fix (#1561) chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#1558) chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 (#1557) Add checksum signing (#1535) chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 (#1554) feat: disable CPE-based matching for GHSA ecosystems by default (#1412) chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1552) chore(deps): update Syft to v0.93.0 (#1550) chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 (#1547) chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 (#1548) chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 (#1549) chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1544) fix: empty descriptor name and version (#1542) chore: removes unnecessary conditional (#1539) chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 (#1533) chore(deps): update Syft to v0.92.0 (#1527) chore(deps): update bootstrap tools to latest versions (#1524) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Disables CPE-based matching for ecosystems which are covered by GitHub Security Advisories. Also adds a separate rust matcher and related configuration to allow configuring CPE-based matching off for rust packages while still leaving it enabled for anything falling into the stock matcher.
Fixes: #811