Skip to content

Commit

Permalink
fix: returns the CVE as the vulnerability id in the OSV Provider if i…
Browse files Browse the repository at this point in the history
…t is an alias
  • Loading branch information
djschleen authored Sep 22, 2024
1 parent a4a2058 commit 1f362fc
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion providers/osv/osv.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,11 @@ func (Provider) Scan(purls []string, credentials *m.Credentials) ([]m.Package, e
}
vulnerability := m.Vulnerability{
ID: func() string {
for _, alias := range vuln.Aliases {
if strings.HasPrefix(strings.ToLower(alias), "cve") {
return alias
}
}
if vuln.ID == "" {
return "NOT PROVIDED"
}
Expand All @@ -76,7 +81,7 @@ func (Provider) Scan(purls []string, credentials *m.Credentials) ([]m.Package, e
Severity: severity,
Cve: func() string {
if len(vuln.Aliases) > 0 {
return vuln.Aliases[0]
return strings.Join(vuln.Aliases, ",")
}
return "NOT PROVIDED"
}(),
Expand Down

0 comments on commit 1f362fc

Please sign in to comment.