Terri Oda

Results 173 issues of Terri Oda

https://nvd.nist.gov/General/News/changes-to-feeds-and-apis
- "late 2022" the API is going to change
- "late 2023" the other feeds including our fallback JSON will go away

I'm guessing we'll probably get the 3.2...

higher priority

Currently, CVE-bin-tool outputs errors to the console but mostly generates reports without them. Do we want to uplevel some messages to be part of the report? I'm not sure what...

From an email:

> We generate CVE reports based on previously prepared .json file and there are two corner cases that make tracking CVEs difficult.
> - When .json file...

enhancement
higher priority

We've occasionally seen some errors involving the extraction tests that seem to be sporadic and not occurring on every run. I'm cutting and pasting the log here before I re-run...

CI

* related #1860

@rhythmrx9 has made some database changes to support multiple data sources. He's got some code for upgrading in the PR above which I think will cover what...

tests

When you specify a bill of materials/csv/json file where cve-bin-tool is expecting a binary, we have code that makes it "do the right thing" and switch to -i to attempt...

Right now we use cve-bin-tool to scan the main requirements.txt file and a few others. We've recently moved a bunch of the development requirements into dev-requirements.txt so they're no longer...

CI

Related:
* #1768

It looks like the script that adds new checkers into the docs is not running as expected in CI. The yml for it is here: https://github.com/intel/cve-bin-tool/blob/main/.github/workflows/formatting.yml

bug
CI
higher priority

We currently maintain two .csv files for scanning components needed or included by cve-bin-tool. Now that we have sbom support, we might want to consider providing an actual SBOM both...

We had a quick chat in today's GSoC meeting about the current problems in CI.

Current state:
- tests are timing out on PRs pretty consistently.
- tests are sometimes...