Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add unaffected package and CPE stores #2888

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wagoodman merged 1 commit into from
Sep 5, 2025
Merged

Add unaffected package and CPE stores #2888

wagoodman merged 1 commit into from
Sep 5, 2025

Conversation

@wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Aug 22, 2025
edited
Loading

This PR adds a deferred feature from the initial v6 schema work from janurary: the ability to describe packages and CPEs that are explicitly not affected by a vulnerability.

Specifically, this adds:

  • UnaffectedPackageStore
  • UnaffectedCPEStore

note: we cannot refactor the existing alpine naks (e.g. <= 0 version constraint) since there are older clients that depend on that mechanism (unless we decide to duplicate all of that data, which is an option if we wish).

Related PR: anchore/grype-db#648

@wagoodman wagoodman mentioned this pull request Aug 22, 2025
Merged
@wagoodman wagoodman force-pushed the add-unaffected-stores branch 2 times, most recently from 12e2d5e to 2a045fa Compare August 25, 2025 19:52
@wagoodman wagoodman marked this pull request as ready for review August 25, 2025 21:04
@wagoodman
add unaffected stores
26e0256 
Signed-off-by: Alex Goodman <[email protected]>
@wagoodman wagoodman force-pushed the add-unaffected-stores branch from 3cc59ef to 26e0256 Compare August 26, 2025 17:36
spiffcs
spiffcs approved these changes Sep 4, 2025
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No more notes/comments from our previous sync review. I went through each file and didn't see anything else I had questions on. Test coverage is A+ and all the cases seem covered correctly for new unaffected code paths.

👍 LGTM

@wagoodman wagoodman merged commit 9ae3e42 into main Sep 5, 2025
12 checks passed
@wagoodman wagoodman deleted the add-unaffected-stores branch September 5, 2025 16:09
@spiffcs spiffcs added the enhancement New feature or request label Sep 15, 2025
@BrewTestBot BrewTestBot mentioned this pull request Sep 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wagoodman @spiffcs