8000 Fill in missing vendor record details with NVD record data · Issue #568 · anchore/grype-db · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Fill in missing vendor record details with NVD record data #568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wagoodman opened this issue May 5, 2025 · 0 comments
Open

Fill in missing vendor record details with NVD record data #568

wagoodman opened this issue May 5, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

Today we tend to keep records from different providers from "crossing streams" and affecting one another. However, we're missing out on the opportunity to take incomplete vendor records and fill in missing data with data that is already on the upstream canonical NVD record.

anchore/grype#2620 is a good example of this; Canonical hasn't triaged this for many older distro versions, thus we assume that all versions are vulnerable, but the NVD record does specify a range that could be applied when matching on the ubuntu record directly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
OSS
Status: Ready
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wagoodman
0