Improve CVE scan Github Actions job #2424
Comments
@terriko
I don't know what the best solution here would look like so I can't offer a lot of guidance, but I can help you get started! The code is in test/test_requirements.py:

```python
import json

# OUTPUT_JSON is the path to the scan's JSON output; it is defined earlier in the test file.
with open(OUTPUT_JSON) as f:
    output_json = json.load(f)

# Every finding must already carry a triage decision.
for entry in output_json:
    assert entry["remarks"] in ["Mitigated", "Ignored"]
```

We want that

This will be hard to test if we don't have any known vulnerabilities in the component list, but you could probably inject a fake one into the json right in the code above for testing, or you could add one to the triage or edit the requirements files to add a vulnerable component for testing. (Don't forget to remove any vulnerable stuff before making a PR! But you might want to take screenshots to show what the output will look like before you remove it.) Hope that can get you started!
* fixes #2424 Signed-off-by: ayush_gitk <ayushsharmaa101@gmail.com>
Current output of our CVE-scan GitHub action:
It's helpfully telling us that we have an unexplored potential CVE in a component, but it's not telling me what component it's in. Let's improve that output so it's easier to tell at a glance what needs upgrading. (You can tell from the scan output above this, but it'd be really nifty if we could have it assert product names instead of triage types.)
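One way to make the test name the affected component instead of the triage state, covering both the suggestion in the comment above (inject a fake finding into the json for testing) and the ask in the issue (assert product names rather than triage types). This is an added example, not cve-bin-tool's own test code and not the fix from the linked PR. Only the "remarks" field and its "Mitigated"/"Ignored" values come from the existing test; the "vendor", "product", "version" and "cve_number" field names and the "Unexplored" remark value are assumptions about the scan's JSON output, and the sample entries and CVE numbers are constructed placeholders.

```python
"""Added example, not cve-bin-tool's own test code: report untriaged CVEs
from a cve-bin-tool JSON scan per component instead of per triage state."""
import json

# Remarks values the existing test already accepts as "seen and handled".
TRIAGED = {"Mitigated", "Ignored"}

# Constructed sample in the shape of the scan's JSON output. Only "remarks"
# is taken from the existing test; "vendor", "product", "version",
# "cve_number" and the "Unexplored" state are assumed names/values, and the
# CVE numbers are deliberately fake placeholders.
SAMPLE_ENTRIES = [
    {"vendor": "example_vendor", "product": "examplelib", "version": "1.0.0",
     "cve_number": "CVE-0000-0001", "remarks": "Unexplored"},
    {"vendor": "example_vendor", "product": "examplelib", "version": "1.0.0",
     "cve_number": "CVE-0000-0002", "remarks": "Mitigated"},
    {"vendor": "other_vendor", "product": "otherlib", "version": "2.3",
     "cve_number": "CVE-0000-0003", "remarks": "Ignored"},
]


def untriaged(entries):
    """Return sorted (vendor, product, version, cve_number) tuples for every
    entry whose remarks are not a triage state. A missing "remarks" key is
    treated as untriaged rather than silently passing."""
    found = set()
    for entry in entries:
        if entry.get("remarks") not in TRIAGED:
            found.add((entry.get("vendor", "?"), entry.get("product", "?"),
                       entry.get("version", "?"), entry.get("cve_number", "?")))
    return sorted(found)


def format_report(rows):
    """Group findings per component so the Actions log reads
    'vendor/product version: CVE-..., CVE-...' and says what to upgrade."""
    by_component = {}
    for vendor, product, version, cve in rows:
        by_component.setdefault((vendor, product, version), []).append(cve)
    lines = [f"{vendor}/{product} {version}: {', '.join(sorted(cves))}"
             for (vendor, product, version), cves in sorted(by_component.items())]
    return "Untriaged CVEs in scanned components:\n" + "\n".join(lines)


def check_entries(entries):
    """Return '' when every entry is triaged, otherwise the readable report.
    Keeping this separate from the file read lets a test inject a fake
    finding into the list without touching the requirements files."""
    rows = untriaged(entries)
    return format_report(rows) if rows else ""


def check_scan_file(path):
    """Drop-in for the loop in test/test_requirements.py: fails with the
    per-component report as the assertion message instead of a bare
    'remarks not in [...]'."""
    with open(path) as f:
        entries = json.load(f)
    report = check_entries(entries)
    assert report == "", report


if __name__ == "__main__":
    # Demo on the constructed sample: exactly one untriaged finding is reported.
    print(check_entries(SAMPLE_ENTRIES) or "all findings triaged")
```

To use it in the test, call `check_scan_file(OUTPUT_JSON)` in place of the existing loop; to try the failure path locally, append a fake entry with an untriaged remark to the loaded list before calling `check_entries`, which avoids committing a vulnerable component to the requirements files.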