There are some dead 404 links and I am not sure who is behind this. Let's not use it at all for now.
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
A VulnerabilitySeverity model is added in models.py to store the severity of a vulnerability.
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
A dataclass `VulnerabilitySeverity` is added to enable the transport of severity scores. The logic in importer_runner.py is modified to store and update severity scores and link them to the reference and vulnerability.
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
scoring_system_identifier is changed to scoring_system
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
* Correct typo in severity_systems.py
* Use typo for scoring fields instead of list in models.py
* Handle absence of bugzilla and RHSA better in redhat.py
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Add django admin functionality for searching and filtering objects
found for a vuln_id Signed-off-by: Tushar912 <tushar.912u@gmail.com>
Add message when no vulnerabilities are found for a vuln_id
Use https://secdb.alpinelinux.org/ instead of https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Rolf Schröder <rolf.schr@gmail.com>
Add me to AUTHORS
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
If there is an operational error on one of the importers, it is better to still run the other importers.
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
This allows printing stack traces on stdout. Best practice would be to integrate with Sentry, but at least printing the stack trace is helpful when trying to deploy this.
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
Bumps [pygments](https://github.com/pygments/pygments) from 2.6.1 to 2.7.4.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.6.1...2.7.4)
Signed-off-by: dependabot[bot] <support@github.com>
…s-2.7.4 Bump pygments from 2.6.1 to 2.7.4
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.6.2...lxml-4.6.3)
Signed-off-by: dependabot[bot] <support@github.com>
* Fix aboutcode-org#394
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
…-4.6.3 Update nix deps.
enable aiohttp client to trust environment for proxy
import: continue upon failure
Misc fixes for deploying vulnerablecode on a container platform
enable configuration of allowed host
Bump lxml from 4.6.2 to 4.6.3
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Introduced and used a helper function for retries on 5xx errors. This is important and some servers like bugzilla.redhat.com return 502 Proxy Error, which was the cause of aboutcode-org#398. A ticket has been raised in RedHat here: https://redhat.service-now.com/help?id=rh_ticket&table=sc_req_item&sys_id=278239541b1ba010477e43fccd4bcb4a
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
This is mentioned in the NOTE of "2.1 List all CVRFs" of https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/cvrf. Such a case would lead to a crash before this commit. E.g.: https://access.redhat.com/hydra/rest/securitydata/cvrf/RHSA-2005:835.json. No cvrfdoc would be found in the statement `value = rhsa_data["cvrfdoc"]["aggregate_severity"]`.
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
This finally fixes aboutcode-org#398
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Previous commits replace the usage of requests.get() altogether with a custom requests_session which provides better 5xx error handling. It is now required to mock that object in this test. IMHO it would make more sense to update this test altogether to use the real endpoints against some real data.
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
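The retry-on-5xx helper and the missing-`cvrfdoc` guard described in the commit messages above, sketched as an added example. It is not the project's code: `get_with_retries`, `aggregate_severity`, `scripted_fetch`, the URL and the canned responses are all constructed for illustration, and the HTTP client is injected so the block runs offline.

```python
import time

class UpstreamError(Exception):
    """Raised when every attempt ended in a 5xx response."""

def get_with_retries(fetch, url, attempts=4, backoff=0.5, sleep=time.sleep):
    """Call fetch(url) -> (status, json_body); retry only on 5xx responses."""
    for attempt in range(1, attempts + 1):
        status, body = fetch(url)
        if not 500 <= status <= 599:
            return status, body          # 2xx/3xx/4xx: retrying will not help
        if attempt < attempts:
            sleep(backoff * 2 ** (attempt - 1))   # exponential: 0.5s, 1s, 2s
    raise UpstreamError(f"{url}: still {status} after {attempts} attempts")

def aggregate_severity(rhsa_data):
    """Return the advisory severity, or None when no cvrfdoc is present."""
    cvrfdoc = rhsa_data.get("cvrfdoc") if isinstance(rhsa_data, dict) else None
    if not isinstance(cvrfdoc, dict):
        return None                      # advisory has no CVRF document
    return cvrfdoc.get("aggregate_severity")

def scripted_fetch(responses):
    """Constructed stand-in for an HTTP client: replays canned responses."""
    queue, calls = list(responses), []
    def fetch(url):
        calls.append(url)
        # Replay in order; the final response repeats for any further call.
        return queue.pop(0) if len(queue) > 1 else queue[0]
    return fetch, calls

def demo():
    url = "https://advisories.example/cvrf/PLACEHOLDER.json"  # constructed URL
    waits = []
    # Two proxy errors, then a document without "cvrfdoc" (constructed body).
    fetch, calls = scripted_fetch([(502, None), (502, None), (200, {})])
    status, body = get_with_retries(fetch, url, sleep=waits.append)
    return status, aggregate_severity(body), len(calls), waits

if __name__ == "__main__":
    print(demo())
```

Injecting `fetch` and `sleep` is also what makes the helper easy to mock in tests, which is the concern the last commit message raises.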
Fix redhat import failure
Add unspecified scoring system
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>