Merge the list of Vulnerabilities generated from InfoAboutVulnerabilities #143

Open
3 tasks
sourabhsparkala opened this issue Apr 27, 2020 · 0 comments

sourabhsparkala commented Apr 27, 2020

VulnerabilitiesFromGitHubAdvisories is not a full-fledged DataProvider

The above data provider provides only those VULNERABILITIES which are not present in the NVD database. We need to remove this check and allow all the VULNERABILITIES from the Security Advisory Database.

We need to allow all the VULNERABILITIES from the Security Advisory for the GitHub project and merge them into a single VULNERABILITIES list generated in InfoAboutVulnerabilities. This way, specific fields of the Vulnerability class, like Resolution, could be updated based on the firstPatchedVersion field from the Advisory. We will also get a confirmation of whether a Vulnerability is PATCHED or UNPATCHED.

Things to do

  • Remove the check and allow all possible advisories to be part of the VULNERABILITIES list.
  • Add VulnerabilitiesFromGitHubAdvisories as part of InfoAboutVulnerabilities
  • Merge the VULNERABILITIES list to update Resolution
@artem-smotrakov artem-smotrakov added enhancement New feature or request data Update static data about open-source projects and removed data Update static data about open-source projects labels Apr 27, 2020
@artem-smotrakov artem-smotrakov added this to the 0.8.0 milestone Apr 30, 2020
@artem-smotrakov artem-smotrakov removed this from the 0.8.0 milestone May 14, 2020
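
The merge requested in this issue could look like the following. This is an added sketch, not the project's code: the `Vulnerability`, `Advisory` and `Resolution` types are simplified hypothetical stand-ins, and both matching entries by identifier and treating a non-empty `firstPatchedVersion` as PATCHED are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class MergeAdvisoriesExample {

  // Hypothetical, simplified stand-ins; not the project's own classes.
  enum Resolution { PATCHED, UNPATCHED, UNKNOWN }

  record Vulnerability(String id, Resolution resolution) {}

  record Advisory(String id, String firstPatchedVersion) {}

  // Assumption: a non-empty firstPatchedVersion means a fix has been released.
  static Resolution resolutionOf(Advisory advisory) {
    String version = advisory.firstPatchedVersion();
    return version == null || version.isBlank() ? Resolution.UNPATCHED : Resolution.PATCHED;
  }

  // Merges advisories into the existing list, matching entries by id (assumption).
  static List<Vulnerability> merge(List<Vulnerability> existing, List<Advisory> advisories) {
    Map<String, Vulnerability> merged = new LinkedHashMap<>();
    for (Vulnerability v : existing) {
      merged.put(v.id(), v);
    }
    for (Advisory a : advisories) {
      // Known entry: its resolution is updated. Unknown entry: it is added as-is,
      // so no advisory is dropped for being present in or absent from the other source.
      merged.put(a.id(), new Vulnerability(a.id(), resolutionOf(a)));
    }
    return new ArrayList<>(merged.values());
  }

  public static void main(String[] args) {
    // Constructed sample data with placeholder identifiers.
    List<Vulnerability> fromNvd = List.of(
        new Vulnerability("CVE-0000-0001", Resolution.UNKNOWN),
        new Vulnerability("CVE-0000-0002", Resolution.UNKNOWN));
    List<Advisory> fromAdvisories = List.of(
        new Advisory("CVE-0000-0001", "1.2.3"),      // also in the first list, fix available
        new Advisory("GHSA-xxxx-xxxx-xxxx", null));  // advisory only, no fix yet
    merge(fromNvd, fromAdvisories).forEach(System.out::println);
  }
}
```

An entry with no matching advisory keeps its original resolution, which avoids reporting a vulnerability as unpatched only because the advisory source has no record of it.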