Conor Nosal

Results 5 comments of Conor Nosal

The ratings structure has fields for score and vector: https://cyclonedx.org/docs/1.4/json/#vulnerabilities_items_ratings. If memory serves, those fields do get populated in the cyclonedx presenter based on `vulnerability.cvss`, but maybe not for...

Match from grype -o json

```
"matches": [
  {
    "vulnerability": {
      "id": "CVE-2015-5237",
      "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-5237",
      "namespace": "nvd",
      "severity": "High",
      "urls": [
        "https://github.com/google/protobuf/issues/760",
        "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
        "http://www.openwall.com/lists/oss-security/2015/08/27/2",
        "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
        "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
        "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
        "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
        "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
        "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
        ...
```

While it looks like a decision is already made via #1158 I wanted to link to https://github.com/anchore/syft/issues/1129 as a sample for this discussion. As some ecosystems don't commit full dependency...

> ---
> apiVersion: kbld.k14s.io/v1alpha1
> kind: Config
> searchRules:
> - keyMatcher:
>     name: value

We're trying a similar config. In our case we have other env vars, some of which aren't images....

Yeah, for now we're using an opaque secret to only store the ca.crt, which is unfortunate. `kubectl create secret tls` validates the key and cert are valid PEM files (with...