Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add debian legacy cache processing #117

Merged
merged 5 commits into from
Mar 14, 2023
Merged

Add debian legacy cache processing #117

merged 5 commits into from
Mar 14, 2023
+383 −12

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Mar 14, 2023
edited
Loading

Legacy debian vulnerability data has been added to the OCI debian cache for releases 7, 8, and 9. Today this processes direct output from the Enterprise Feed Service. In the future this should be modified to additionally process flat-file output from the provider itself.

This PR changes the debian provider to be able to leverage this cache and bake it into the DB. Addresses anchore/grype#1176 .

The quality gate has been updated to incorporate the cache into testing.

One outstanding issue: the quality gate did not catch this to begin with, even though a representative image was under test. This will be dealt with in a follow up PR, however, the reason for this is because the gate narrows the set of namespaces to consider to what was found in the test DB. Since the debian 7/8/9 namespaces were missing, they were considered to not be under test. A follow up enhancement will fail the QG if no results were found at all (regardless of the relative comparison / label results).

@wagoodman
allow for empty cvss vectors for legacy data
c591c9f 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
add support for processing legacy debian records
1e4aa6e 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
add unit tests for legacy debian data
2ea5147 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
add debian cache to quality gate to pick up on legacy results
745f897 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman
fix linting
6eb6a2a 
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman changed the title Add debian cache Add debian legacy cache processing Mar 14, 2023
@wagoodman wagoodman added the run-pr-quality-gate Triggers running of quality gate on PRs label Mar 14, 2023
@wagoodman wagoodman requested review from a team and westonsteimel March 14, 2023 15:19
@wagoodman wagoodman merged commit a0fb062 into main Mar 14, 2023
@wagoodman wagoodman deleted the add-debian-cache branch March 14, 2023 15:36
@wagoodman wagoodman added bug Something isn't working enhancement New feature or request and removed run-pr-quality-gate Triggers running of quality gate on PRs bug Something isn't working labels Mar 14, 2023
@wagoodman wagoodman mentioned this pull request Jun 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@westonsteimel westonsteimel westonsteimel approved these changes

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wagoodman @westonsteimel @kzantow