8000 Dotnet PE binary cataloger is detecting false positives · Issue #3469 · anchore/syft · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Dotnet PE binary cataloger is detecting false positives #3469
New issue
New issue
Closed
#3563
Closed
Dotnet PE binary cataloger is detecting false positives#3469
#3563
Assignees
wagoodman
Labels
bugSomething isn't workingneeds-investigation
@wagoodman

Description

@wagoodman
wagoodman
opened on Nov 20, 2024

What happened:
Originally reported https://github.com/anchore/vulnerability-match-exclusion-database/issues/240#issuecomment-2489341204

syft -q ~/Downloads/jruby-exec.zip 
NAME   VERSION  TYPE     
JRuby  1.0      dotnet

What you expected to happen:
Jruby is not a .NET application, thus should not be detected as so (should find no packages)

Steps to reproduce the issue:
Download jruby binary and scan it with syft.

Anything else we need to know?:
Proposed fix: scan the PE binary for indications of the .NET framework.
Partial fix implemented: https://github.com/anchore/syft/compare/filter-dotnet-pe

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingneeds-investigation

Type

No type

Projects

OSS

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    0