-
Notifications
You must be signed in to change notification settings - Fork 585
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: remove author contributing to javascript CPEs #1669
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Keith Zantow <kzantow@gmail.com>
westonsteimel
approved these changes
Mar 14, 2023
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
spiffcs
added a commit
to deitch/syft
that referenced
this pull request
Mar 21, 2023
* main: (47 commits) Deprecate config.yaml as valid config source; Add unit regression for correct config paths (anchore#1640) chore: Update syft bootstrap tools to latest versions. (anchore#1682) Update documentation: (anchore#1680) chore: Update Stereoscope to 7928713c391e20abaede6a029f4ce37b628a4c8b (anchore#1681) fix: reduce logging for bad dpkg lines (anchore#1675) fix ruby classifier (anchore#1678) feat: add shared dir for easier cleanup (anchore#1676) chore(deps): bump github.com/google/go-containerregistry (anchore#1672) chore(deps): bump actions/setup-go from 3 to 4 (anchore#1671) fix: move defer after error to protect panic case (anchore#1670) feat: add argocd, helm, kustomize and kubectl binary classifiers (anchore#1663) defer closing file (anchore#1668) fix: remove author contributing to javascript CPEs (anchore#1669) fix: more python matching support (anchore#1667) Update syft bootstrap tools to latest versions. (anchore#1666) feat: add ruby classifier (anchore#1665) Update syft bootstrap tools to latest versions. (anchore#1658) fix: improved Python binary detection (anchore#1648) fix: suppress some known incorrect vendor candidates for npm CPEs (anchore#1659) fix: sanitize SPDX LicenseRefs (anchore#1657) ... Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
This was referenced Mar 31, 2023
Closed
This was referenced Apr 10, 2023
GijsCalis
pushed a commit
to GijsCalis/syft
that referenced
this pull request
Feb 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Syft was generating CPEs for javascript packages and including author information, but these were just splitting by
@
, assuming the author may have been an email address. However, the author is the formName <email> (url)
, e.g.George Costanza <george@costanza.net> (https://costanza.net)
, which could result in a CPE similar to:This PR simply removes using the author, as there were not any identified cases that this was useful.