wolfictl icon indicating copy to clipboard operation
wolfictl copied to clipboard
verified publisher icon wolfi-dev

Let `-V 'CGA-...'` imply the package name

Open luhring opened this issue 1 year ago • 1 comments

For commands where the user can specify the vulnerability ID and the distro package name, it would be convenient if they could specify just a CGA ID and let that imply both the vulnerability ID and the distro package name, since CGA IDs are unique across packages.

Commands where this would come into play:

  • wolfictl adv create
  • wolfictl adv update

This could also benefit wolfictl adv validate, but it doesn't currently have a vulnerability or advisory ID flag.

luhring avatar Nov 13 '24 00:11 luhring

Hey @luhring, if this is still needed, I can try to do it. I’ve been looking at the codebase and I think this is totally doable. The current flow already detects CGA IDs in reqParams.GenerateRequests() using the regex pattern, so we’re halfway there. But I have some doubts, like what if the CGA ID doesn’t exist yet? (probably fine for create, but should error for update.)

iamrajiv avatar Jul 10 '25 04:07 iamrajiv