indirect-cve-whitelist added to the Applicability Scanner YAML configuration #1049

Merged
merged 3 commits into from
Nov 29, 2023

@srmish-jfrog commented Nov 26, 2023

  • [v] All tests passed. If this feature is not already covered by the tests, I added new tests.
  • [v] All static analysis checks passed.
  • [v] This pull request is on the dev branch.
  • [v] I used gofmt for formatting the code before submitting the pull request.

Add support for applicability scanning of indirect (transitive) CVEs. This is done by sending a separate list of detected indirect CVEs (indirect-cve-whitelist) to the applicability scanner YAML configuration file.


eyalbe4 commented Nov 26, 2023

Thank you for this PR @srmish-jfrog!
Will you be able to add a full description for this PR? Note that if the PR is eventually merged, it'll be referenced automatically from the release notes, and will receive high visibility.

@srmish-jfrog (Contributor, Author)

> Thank you for this PR @srmish-jfrog! Will you be able to add a full description for this PR? Note that if the PR is eventually merged, it'll be referenced automatically from the release notes, and will receive high visibility.

Sure, done

@yahavi self-requested a review November 27, 2023 11:50
@eyalbe4 added the "improvement" (Automatically generated release notes) label Nov 27, 2023
@eyalbe4 changed the title from 'applicabilitymanager: add "indirect-cve-whitelist" to scanner YAML configuration' to "New indirect-cve-whitelist added to the Applicability Scanner YAML configuration" Nov 27, 2023
@eyalbe4 changed the title from "New indirect-cve-whitelist added to the Applicability Scanner YAML configuration" to "indirect-cve-whitelist added to the Applicability Scanner YAML configuration" Nov 27, 2023
@eyalbe4 self-requested a review November 27, 2023 13:53

👍 Frogbot scanned this pull request and found that it did not add vulnerable dependencies.


@eyalbe4 merged commit c65b1db into jfrog:dev Nov 29, 2023
8 checks passed
guyshe-jfrog pushed a commit to guyshe-jfrog/jfrog-cli-core that referenced this pull request Nov 30, 2023