jake icon indicating copy to clipboard operation
jake copied to clipboard

Published 20 hours ago verified publisher icon sonatype-nexus-community

OSS: Exclude qualifiers for Conda packages

Open riccardoporreca opened this issue 9 months ago • 2 comments

Including qualifiers for Conda packages (build nr., channel, etc) in the Package URL used to retrieve the vulnerability report from the OSS index causes no vulnerabilities to be detected. This can be see as a way to mitigate sonatype-nexus-community/ossindex-python#19 on the OSS index side

This pull request makes the following changes:

  • Remove the qualifiers from the purl of Conda packages when retrieving the OSS index component report

It relates to the following issue #145

cc @bhamail / @DarthHater

riccardoporreca avatar Nov 06 '23 14:11 riccardoporreca

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell C 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

sonarcloud[bot] avatar Nov 06 '23 14:11 sonarcloud[bot]

@bhamail, @DarthHater I am keeping this as Draft without bothering about the failed tests, just to propose a possible quick (and dirty) approach. Happy to follow up in any direction you suggest

riccardoporreca avatar Nov 06 '23 15:11 riccardoporreca