Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Syft generates too loose of cpes for python redis #1066

Closed
cpendery opened this issue Jun 25, 2022 · 0 comments · Fixed by #1070
Closed

Syft generates too loose of cpes for python redis #1066

cpendery opened this issue Jun 25, 2022 · 0 comments · Fixed by #1070
Labels
bug Something isn't working

Comments

@cpendery
Copy link
Contributor

cpendery commented Jun 25, 2022
edited
Loading

What happened:
Syft generates cpes for python redis that shadow the real redis cpes

What you expected to happen:
This shouldn't happen as that leads to false flagging

How to reproduce it (as minimally and precisely as possible):
See linked issue below for replication

Anything else we need to know?:
Related to anchore/grype#800

Environment:

  • Output of syft version: 38.1 (from Grype 40.0)
  • OS (e.g: cat /etc/os-release or similar):
System Version: macOS 11.6 (20G165)
Kernel Version: Darwin 20.6.0
Model Name: MacBook Pro
Model Identifier: MacBookPro16,1
Processor Name: 6-Core Intel Core i7
@cpendery cpendery added the bug Something isn't working label Jun 25, 2022
@cpendery cpendery mentioned this issue Jun 25, 2022
Closed
@spiffcs spiffcs added this to OSS Jun 27, 2022
@spiffcs spiffcs moved this to In Progress (Actively Resolving) in OSS Jun 27, 2022
@cpendery cpendery changed the title Syft generates too loose of cpes which will/have never occurred Syft generates too loose of cpes for python redis Jun 27, 2022
@cpendery cpendery mentioned this issue Jun 28, 2022
Merged
@spiffcs spiffcs moved this from In Progress (Actively Resolving) to Triage (Comments or Progress Made) in OSS Jun 28, 2022
@spiffcs spiffcs moved this from Triage (Comments or Progress Made) to Backlog (Pulled Forward for Priority no more than 10) in OSS Jul 8, 2022
@spiffcs spiffcs moved this from Backlog (Pulled Forward for Priority) to In Review in OSS Nov 29, 2022
spiffcs pushed a commit that referenced this issue Dec 8, 2022
@cpendery
fix: add manual vendor/product removal to fix false flags (#1070)
668f102 
Closes #1066
Closes anchore/grype#800
Closes anchore/grype#491
Repository owner moved this from In Review to Done in OSS Dec 8, 2022
This was referenced Dec 13, 2022
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Dec 23, 2022
Closed
Closed
Closed
Closed
Closed
Closed
GijsCalis pushed a commit to GijsCalis/syft that referenced this issue Feb 19, 2024
@cpendery
fix: add manual vendor/product removal to fix false flags (anchore#1070)
f8e685a 
Closes anchore#1066
Closes anchore/grype#800
Closes anchore/grype#491
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
OSS
Archived in project
Milestone
No milestone
1 participant
@cpendery