This repository has been archived by the owner on Oct 14, 2024. It is now read-only.

fix(scanner): enrich vulnerability data instead of using first vulnerability #1971

Merged (2 commits) on Aug 2, 2024

@paralta (Contributor) commented Jul 31, 2024

Description

Currently, we use the first vulnerability in merged vulnerabilities results

    vulCandidate := vulCandidates[0]

which may cause inconsistencies in final results when there is more than one entry for a particular vulnerability ID (CVE).

These code changes allow us to merge vulnerabilities with the same ID into a single vulnerability by enriching the vulnerability data with the data from all the different entries.

Type of Change

  • Bug Fix
  • New Feature
  • Breaking Change
  • Refactor
  • Documentation
  • Other (please describe)

Checklist

  • I have read the contributing guidelines
  • Existing issues have been referenced (where applicable)
  • I have verified this change is not present in other open pull requests
  • Functionality is documented
  • All code style checks pass
  • New code contribution is covered by automated tests
  • All new and existing tests pass
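
A sketch of the kind of merge the description refers to, added here as an illustration and not taken from the PR or the project: the `Vuln` type, the `Enrich` and `pick` functions, and the merge policy (highest severity, longest description, sorted union of links) are all assumptions. It shows that the merged record is the same whichever entry happens to come first.

```go
package main

import (
	"fmt"
	"sort"
)

// Vuln is a hypothetical, simplified finding; the project's real type differs.
type Vuln struct {
	ID, Severity, Description string
	Links                     []string
}

// sevRank orders severities so the merged record keeps the highest one reported.
var sevRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// pick is order-independent: prefer the longer value, then the lexically smaller.
func pick(a, b string) string {
	if len(b) > len(a) || (len(b) == len(a) && b < a) {
		return b
	}
	return a
}

// Enrich folds every candidate for one ID into a single record (assumed policy).
func Enrich(cands []Vuln) Vuln {
	var out Vuln
	links := map[string]bool{}
	for _, c := range cands {
		out.ID = c.ID
		if sevRank[c.Severity] > sevRank[out.Severity] {
			out.Severity = c.Severity
		}
		out.Description = pick(out.Description, c.Description)
		for _, l := range c.Links {
			links[l] = true
		}
	}
	for l := range links {
		out.Links = append(out.Links, l)
	}
	sort.Strings(out.Links) // map iteration order is random, so sort for stable output
	return out
}

func main() { // constructed entries for one placeholder ID, as two scanners might report it
	a := Vuln{ID: "CVE-0000-0000", Severity: "MEDIUM", Links: []string{"https://example.com/a"}}
	b := Vuln{ID: "CVE-0000-0000", Severity: "HIGH", Description: "constructed description", Links: []string{"https://example.com/b", "https://example.com/a"}}
	fmt.Printf("%+v\n%+v\n", Enrich([]Vuln{a, b}), Enrich([]Vuln{b, a}))
}
```

Taking only `cands[0]` here would report MEDIUM with no description in one ordering and HIGH in the other; the merged record is identical for both.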

@paralta added the bug (Something isn't working) and scanners (Issues related to adding new scanners) labels Jul 31, 2024
@paralta self-assigned this Jul 31, 2024
@paralta changed the title from "fix: enrich vulnerability data instead of using first vulnerability" to "fix(scanner): enrich vulnerability data instead of using first vulnerability" Jul 31, 2024
@paralta force-pushed the inconsistent-vulnerability-fix branch from 7dd5d97 to b6e663a July 31, 2024 16:19
@paralta force-pushed the inconsistent-vulnerability-fix branch from b6e663a to 771f40d July 31, 2024 16:54
@paralta marked this pull request as ready for review August 1, 2024 08:12
@paralta requested a review from a team as a code owner August 1, 2024 08:12
@paralta requested a review from ramizpolic August 1, 2024 14:41

@ramizpolic (Member) left a comment

LGTM!

@paralta added this pull request to the merge queue Aug 2, 2024
Merged via the queue into main with commit 85e936d Aug 2, 2024
17 checks passed
@paralta deleted the inconsistent-vulnerability-fix branch August 2, 2024 08:08