Find purl based on component name and sbom #994

dejanb · 2024-11-12T16:06:55Z

#948 is able to make vulnerability to sbom correlations (and back) based only on the component names mentioned in advisories. The next step is to use graph analysis to try and find purls for these component names in SBOMs and include them into the response

dejanb · 2024-11-22T16:37:11Z

This is still pedning based on #1014 completion.

dejanb mentioned this issue Nov 12, 2024

feat: csaf correlation - correlate vulnerability to purls and sboms #948

Merged

JimFuller-RedHat self-assigned this Nov 18, 2024

JimFuller-RedHat added this to Trustify Nov 18, 2024

dejanb added Vulnerability Correlation Correlation of vulnerabilities to Packages, SBOMs and Products UI-V1 parity Tasks needed to get done for V1 UI parity labels Nov 20, 2024

JimFuller-RedHat closed this as completed by moving to Done in Trustify Nov 21, 2024

dejanb reopened this Nov 22, 2024

This was referenced Nov 22, 2024

/api/v1/sbom/{id}/advisory contains packages without id. #1043

Open

feat: find purls for affected packages #1048

Merged

dejanb closed this as completed Dec 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Find purl based on component name and sbom #994

Find purl based on component name and sbom #994

dejanb commented Nov 12, 2024

dejanb commented Nov 22, 2024

Find purl based on component name and sbom #994

Find purl based on component name and sbom #994

Comments

dejanb commented Nov 12, 2024

dejanb commented Nov 22, 2024