@wagoodman

Pulls in the upstream grype-db change to allow for using a "good" default language namespace guess when searching for vulnerabilities for potentially supported languages.

Additionally this PR fixes version comparisons for the fuzzy version constraint checks where one side includes a v prefix while the other side does not. This is a common case for the docker golang package since docker changed the version scheme after the first few versions.
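The `v`-prefix imbalance described in the PR text above, as an added Go example that is not Grype's code: a simplified segment-wise comparison stands in for the fuzzy constraint check, and it shows the unnormalized comparison producing both a missed match and a spurious one. The names `stripV`, `compareFuzzy` and `affected` are hypothetical, and the version strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// stripV drops one leading "v"/"V" only when a digit follows (assumed rule).
func stripV(ver string) string {
	if len(ver) > 1 && (ver[0] == 'v' || ver[0] == 'V') && ver[1] >= '0' && ver[1] <= '9' {
		return ver[1:]
	}
	return ver
}

// compareFuzzy compares dot-separated segments: numerically when both parse as
// integers, lexically otherwise. The result is negative, zero or positive.
func compareFuzzy(a, b string) int {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) && i < len(bs); i++ {
		xn, xerr := strconv.Atoi(as[i])
		yn, yerr := strconv.Atoi(bs[i])
		c := strings.Compare(as[i], bs[i]) // "v1" vs "17" lands here
		if xerr == nil && yerr == nil {
			c = xn - yn
		}
		if c != 0 {
			return c
		}
	}
	return len(as) - len(bs) // all shared segments equal: longer sorts later
}

// affected evaluates the constraint "pkgVer < fixedIn".
func affected(pkgVer, fixedIn string, normalize bool) bool {
	if normalize {
		pkgVer, fixedIn = stripV(pkgVer), stripV(fixedIn)
	}
	return compareFuzzy(pkgVer, fixedIn) < 0
}

func main() {
	// Constructed versions: prefixed package vs unprefixed fix, then the reverse.
	fmt.Println(affected("v1.13.1", "17.3.0", false), affected("v1.13.1", "17.3.0", true))
	fmt.Println(affected("20.10.9", "v20.10.8", false), affected("20.10.9", "v20.10.8", true))
}
```
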

@wagoodman wagoodman added the enhancement New feature or request label Sep 28, 2021
@wagoodman wagoodman requested a review from a team September 28, 2021 20:35
@wagoodman wagoodman self-assigned this Sep 28, 2021

@luhring luhring left a comment


Looks good!

(I too have an outstanding Grype PR if you haven't seen it yet 😃 )

return sb.String()
}

func stripLeadingV(ver string) string {
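
Review bot: `stripLeadingV` at the end of this excerpt is declared without a doc comment, so the normalization rule is not visible at the call site. A one-line comment stating exactly what is removed (only a single lowercase `v`, or also `V`, and whether a digit must follow) and what is returned for an empty string would make the helper's contract checkable.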

I love breaking this out 👍

@wagoodman wagoodman merged commit 608e126 into main Sep 28, 2021
@wagoodman wagoodman deleted the with-default-language-mapper branch September 28, 2021 20:55
spiffcs added a commit that referenced this pull request Oct 1, 2021
* main:
  Support gomod configuration in goreleaser (#391)
  Update description for Slack link (#439)
  Updates approach for epoch handling in rpm comparisons (#438)
  Feature: Specifying ignore rules for vulnerability matches (#430)
  Update Syft to v0.24.1 (#433)
  pull in grype-db default language namespace namer + fix imbalanced version v prefixes (#434)
  add stock matcher (language + cpe matching) (#432)
  Add SBOM to releases (#429)
  Add announcement for KubeCon meetup (#428)
  Improve log message for CPE parsing error (#426)
  Bugfixes + Integration test for sbom input vs grype library comparison (#424)
  Allow CPE parsing failures (#425)