Terri Oda
Terri Oda
New checker request: *libevent* (Taken from the wishllist in #709) **Source code**: https://github.com/libevent/libevent **CVEs**: https://www.cvedetails.com/vulnerability-list/vendor_id-15590/product_id-32303/Libevent-Project-Libevent.html **Instructions**: [How to add a new checker to the CVE Binary Tool](https://github.com/intel/cve-bin-tool/blob/master/cve_bin_tool/checkers/README.md) You can also...
I'm currently using vscode's `markdownlint` as my document linter for markdown files, but as you may have noticed, I haven't been super aggressive about that. I'm wondering if I should...
The `cve_bin_tool/format_checkers.py` tool is currently adding the word "server" in every pull request because of the http server entry. I *could* just allow it and be done with it, but...
Saw these failing in a few places in the pull requests over the weekend: ``` =========================== short test summary info ============================ FAILED test/test_extractor.py::TestExtractFileRpm::test_extract_file_rpm - Ru... FAILED test/test_extractor.py::TestExtractFileRpmWithZstd::test_extract_file_rpm FAILED test/test_helper_script.py::TestHelperScript::test_scan_files_single =====...
Came up during today's meeting: we don't currently credit all of our data sources during command line running. They're listed in the documentation and code but it might be nice...
I'm getting messages from people's forks of cve-bin-tool indicating that they can't run the cache update in github actions. I'm guessing they're failing because the users in question haven't got...
Yocto already has tooling to help with licensing management and I think can generate SBOMs that we can scan. But I think there's some opportunity for us to more gracefully...
>I suspect @anthonyharrison is correct that this might be better as a debug statement, but I'm kind of curious as to whether restricting ourselves to one encoding is a big...
* Related issue #1894 We currently have a nvd_years() function that determines the number of years of NVD data we have by checking the json files stored in the cache...
Thanks especially to @yashugarg we've now got some more fuzzing options in `fuzz/` that are fairly easy to run. They currently don't find much, which is partially because we did...