fix: improve output of cve-scan github action for cve #2475
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: ayush_gitk <ayushsharmaa101@gmail.com>
|
@terriko ,could you please review this pr and suggest some changes. |
Codecov Report
@@ Coverage Diff @@
## main #2475 +/- ##
==========================================
+ Coverage 75.40% 77.94% +2.54%
==========================================
Files 589 591 +2
Lines 9590 9729 +139
Branches 1120 1319 +199
==========================================
+ Hits 7231 7583 +352
+ Misses 2059 1844 -215
- Partials 300 302 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
BreadGenie
suggested changes
Dec 29, 2022
ayushthe1
changed the title
|
Thanks @BreadGenie ,fixed the suggestion. |
terriko
approved these changes
Jan 3, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: ayush_gitk ayushsharmaa101@gmail.com
This pr fixes #2424 .
Current behaviour:
Current output of the CVE-scan github action tells us that we have a unexplored potential CVE in a component but it's not telling us what component it's in ,as described in the issue.
Desired behaviour:
We want the output to tell name of component having vulnerability. (in the assert message)
Steps i took to solve:
First i introduced a fake vulnerability
kubernetes == 1.0.1in requirements.txt fileThen i made the desired code changes in test_requirements.py ,present in this pr
This is the screenshot of the cve-scan github action i got which has the message "Component kubernetes has a unexplored CVE" corresponding to the fake vulnerability i injected.
