debian: split OVAL feed into binary packages #550

Merged
merged 1 commit into from
Feb 4, 2022

@crozzy crozzy commented Jan 14, 2022

The Debian OVAL feed reports vulnerabilities by the source; this
change splits those source vulnerabilities into binary packages so they
can be matched easily with the packages the scanner finds in the distro.

Doubts

  • How will this affect users upgrading and having both the source and the binary vulns in the DB?
  • What to do in airgap?

Signed-off-by: crozzy <joseph.crosland@gmail.com>
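
The source-to-binary split described in this pull request, as an added example that is not the project's code. It assumes the mapping is read from the `Package:` and `Binary:` fields of a Debian `Sources` index; the type and function names, the sample stanza and the vulnerability ID are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical record types for this example, not the project's own.
type SourceVuln struct{ ID, Source, FixedIn string }
type BinaryVuln struct{ ID, Binary, Source, FixedIn string }

// parseSources maps each source package to the binary packages it builds.
func parseSources(index string) map[string][]string {
	m := map[string][]string{}
	src := ""
	for _, line := range strings.Split(strings.ReplaceAll(index, "\n ", " "), "\n") { // unfold continuation lines
		if strings.HasPrefix(line, "Package:") {
			src = strings.TrimSpace(line[len("Package:"):])
		} else if strings.HasPrefix(line, "Binary:") && src != "" {
			for _, b := range strings.Split(line[len("Binary:"):], ",") {
				m[src] = append(m[src], strings.TrimSpace(b))
			}
		}
	}
	return m
}

// split emits one record per binary package. A source with no known binaries
// is kept under its own name so the finding is not silently dropped.
func split(vulns []SourceVuln, bins map[string][]string) (out []BinaryVuln) {
	for _, v := range vulns {
		names := bins[v.Source]
		if len(names) == 0 {
			names = []string{v.Source}
		}
		for _, b := range names {
			out = append(out, BinaryVuln{v.ID, b, v.Source, v.FixedIn})
		}
	}
	return out
}

func main() { // constructed stanza and placeholder ID, not real feed data
	idx := "Package: examplesrc\nBinary: libexample1, libexample-dev,\n example-utils\nVersion: 1.2-3\n"
	for _, b := range split([]SourceVuln{{"CVE-0000-0001", "examplesrc", "1.2-4"}}, parseSources(idx)) {
		fmt.Println(b.ID, b.Binary, "fixed in", b.FixedIn, "source", b.Source)
	}
}
```

Each emitted record keeps the source name next to the binary name, so a record can still be traced back to the feed entry it came from.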

crozzy commented Jan 14, 2022

@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch 11 times, most recently from 8e76cf4 to 6957bb0 Compare January 18, 2022 23:33
@crozzy crozzy changed the title debian: Allow matching on source packages debian: split OVAL feed into binary packages Jan 19, 2022
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch 5 times, most recently from 00e5959 to 32972dc Compare January 19, 2022 19:10
@crozzy crozzy marked this pull request as ready for review January 19, 2022 19:21
@crozzy crozzy requested a review from a team as a code owner January 19, 2022 19:21
@crozzy crozzy requested review from hdonnay and removed request for a team January 19, 2022 19:21
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch 2 times, most recently from 0c8385d to 64933b2 Compare January 19, 2022 23:28
@crozzy crozzy requested a review from hdonnay January 19, 2022 23:30
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch from 64933b2 to a4c0c86 Compare January 20, 2022 22:48
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch 2 times, most recently from 97f83b6 to 87e28df Compare January 21, 2022 19:26
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch 5 times, most recently from b60c12b to a5ffb71 Compare January 25, 2022 23:33
@crozzy crozzy requested a review from hdonnay February 3, 2022 21:07
hdonnay previously approved these changes Feb 4, 2022

@hdonnay hdonnay left a comment

lgtm

The Debian OVAL feed reports vulnerabilities by the source; this
change splits those source vulnerabilities into binary packages so they
can be matched easily with the packages the scanner finds in the distro.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
@crozzy crozzy force-pushed the crozzy-debian-matching-updates branch from a5ffb71 to e7d812d Compare February 4, 2022 23:21

@hdonnay hdonnay left a comment

also LGTM
