cve-bin-tool icon indicating copy to clipboard operation
cve-bin-tool copied to clipboard
verified publisher icon intel

test: behaviour when NVD is a disabled data source

Open terriko opened this issue 1 year ago • 1 comments

  • related: https://github.com/intel/cve-bin-tool/pull/3814

In #3814 @Mayankrai449 has added the ability to disable the NVD data source as a fix for #3801. This was something that it looked like cve-bin-tool should be able to do but it wasn't actually plumbed through correctly.

I merged it without tests so that the requester could try it out and make sure it worked for their use case, but we should definitely have some tests:

  • a test where NVD (and only NVD) is disabled to make sure that scans can still run against, say, OSV
  • a test where all data sources are disabled (similar to the case in #3801) to see if we can produce an sbom & and an empty scan

terriko avatar Feb 13 '24 19:02 terriko

Looking into this. Located the relevant code. Should soon be ready with a draft. Thanks!

HamzaMateen avatar Feb 14 '24 14:02 HamzaMateen