Tushar Goel

Results 143 issues of Tushar Goel

Some references have a summary of how the vulnerability affects the package; we should have that stored and displayed in the UI.

Data collection
data-quality
9-next

Some data sources, for example npm, provide a `recommendation` field in their advisories.

```
>>> purl = "pkg:alpine/openssl@0?arch=aarch64&distroversion=edge&reponame=main"
>>> purl_to_lookups(purl_str=purl)
{'type': 'alpine', 'name': 'openssl', 'version': '0', 'qualifiers': 'arch=aarch64&distroversion=edge&reponame=main'}
```

`PackageURL.from_string("pkg:npm/@babel/core")`

The purl is identified as a wrong one.

From gitter chat https://gitter.im/package-url/Lobby @tclasen:

```
Anyone know why the python package isn't letting me get a url from a purl?

@app.command()
def get(purl: str):
    parsed = PackageURL.from_string(purl)
    typer.echo(f"Grabbing...
```

Reference: https://github.com/nexB/vulnerablecode/issues/889#issuecomment-1518413361

It will be a 3 step process:

- Mark all advisories with CVSSv2 with a flag so improvers don't process them in the future.
- Check none of...

next

Currently, we are computing the non-vuln and next-vuln versions every time we call the API. Instead, we should store them and use an improver to keep the data current.

Priority: high
API
Core models
improver