Sahiba Mittal

icon indicating a website link https://www.linkedin.com/in/sahiba-mittal-03618174/ icon indicating an email [email protected]

icon company Citi icon location Dublin, Ireland icon location DevSecOps engineer in Cloud Security at Citi.

Results 8 comments of Sahiba Mittal

Adding support for vulnerability aliases

Hey @stevespringett - This is good, I tested it as well. But, its missing code to add aliases in OSVdownloadTask, like below code snippet needs to be added in method...

Adding support for vulnerability aliases

> It's a bit confusing that GSD and Snyk are mentioned in a few places, although those sources aren't yet supported and we don't have an entry in the `Vulnerability.Source`...

Adding support for vulnerability aliases

@stevespringett - For endpoint to getAllVulnerabilities for a project ("/project/{uuid}"), we're missing this explicit setting of aliases to vulnerability object in **VulnerabilityQueryManager**. Need to do same in method '**getVulnerabilities**' being...

OSV fix : removed alias check

@nscuro @VinodAnandan

OSV : replace ecosystem hardcoding with list of ecosystems managed by Google

@VinodAnandan @nscuro

Add Support for Snyk

@stevespringett I've been working on Snyk vulnerability analysis integration upon bom upload in DT. It will act as an analyser similar to OSS index. It'll call Snyk API for every...

Add Support for Snyk

No sadly for now, this is an initial version supporting two packages (maven, npm). It now enables querying the API with purl as url encoded. Currently, there are only two...

It's not possible to import components with PURLs with more than 255 characters

**Current bug as per testing in Postgres** The index defined on component's purl (COMPONENT_PURL_IDX) is not used in any query using purl match (either equals or LIKE). Screenshots proving the...