Andre-85
### Description
This pull request adds an improved version compare algorithm. In case a purl of type "pkg:deb" is used, versions are sorted according to the Debian policy for versions (https://man7.org/linux/man-pages/man7/deb-version.7.html) in...
### Current Behavior
For example, UBUNTU-CVE-2021-26318 is not matched to amd64-microcode version 3.20191218.1ubuntu2.2, but this version is mentioned in the osv CVE report: ``` { "vulns": [ { "id": "UBUNTU-CVE-2021-26318",...
### Current Behavior
PURLs in SBOMs often contain the information about which distribution they belong to, e.g. pkg:deb/debian/expat@2.5.0-1+deb12u1?arch=amd64&distro=debian-12 means expat in version 2.5.0-1+deb12u1 from distribution debian-12 (which is bookworm). For...
### Current Behavior
Hello together, I've noticed that DependencyTrack in version 4.12.1 supports fetching vulnerabilities from Google's OSV service. So I wanted to test DependencyTrack with an SBOM containing PURLs...
I just tried to run the unit tests that come with the code, but they will not run with Python 3.12.3 (on Ubuntu 24.04). Before running the unit tests I applied the fixes for...