@rahul2393
Contributor

@codecov

codecov bot commented May 6, 2021

Codecov Report

Merging #984 (a774192) into main (a00d719) will decrease coverage by 6.32%.
The diff coverage is 52.25%.

@@            Coverage Diff             @@
##             main     #984      +/-   ##
==========================================
- Coverage   68.50%   62.18%   -6.33%     
==========================================
  Files          57       65       +8     
  Lines        2210     2626     +416     
==========================================
+ Hits         1514     1633     +119     
- Misses        564      858     +294     
- Partials      132      135       +3     
| Impacted Files | Coverage Δ |
|---|---|
| pkg/commands/artifact/config.go | 81.81% <ø> (ø) |
| pkg/commands/artifact/fs.go | 0.00% <0.00%> (ø) |
| pkg/commands/artifact/image.go | 0.00% <0.00%> (ø) |
| pkg/commands/artifact/repository.go | 0.00% <0.00%> (ø) |
| pkg/commands/artifact/run.go | 0.00% <0.00%> (ø) |
| pkg/commands/artifact/wire_gen.go | 0.00% <0.00%> (ø) |
| pkg/commands/client/config.go | 79.31% <ø> (ø) |
| pkg/commands/client/run.go | 0.00% <0.00%> (ø) |
| pkg/commands/client/wire_gen.go | 0.00% <0.00%> (ø) |
| pkg/commands/config/cache.go | 100.00% <ø> (ø) |

... and 43 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 415e1d8...a774192. Read the comment docs.

@simar7
Member

simar7 commented May 7, 2021

@knqyf263 would you know if the detected vulnerabilities can include duplicates? This PR handles the case but I'm curious why it happens in the first place to begin with. For example see this test https://github.com/aquasecurity/trivy/pull/984/files#diff-b831e004a3a89308d4c295025cf963c7e4f9c29d8d6f9377fea03ceb3a5cc655R352-R371

@knqyf263
Collaborator

knqyf263 commented May 9, 2021

It is possible to happen since Trivy DB might have multiple data sources for the same target. For example, Trivy DB has GitLab Advisory Database and GitHub Security Advisories for Java detection. Then, they might have the same vulnerabilities.
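
The deduplication discussed in this thread, sketched as an added Go example that is not Trivy's own code: two advisory sources report the same vulnerability and only one record survives. The type and function names are hypothetical, the CVE IDs are constructed placeholders, and keying on vulnerability ID and package name alongside the installed version (which the commit list says was added to the unique keys) is an assumption.

```go
package main

import "fmt"

// Finding is a hypothetical, simplified record; it is not Trivy's own type.
type Finding struct {
	VulnerabilityID, PkgName, InstalledVersion, Source string
}

// Dedupe keeps the first finding seen per (ID, package, installed version).
// The installed version is part of the key so that two copies of a package
// at different versions are still reported separately.
func Dedupe(in []Finding) []Finding {
	type key struct{ id, pkg, ver string }
	seen := make(map[key]bool, len(in))
	var out []Finding
	for _, f := range in {
		k := key{f.VulnerabilityID, f.PkgName, f.InstalledVersion}
		if seen[k] {
			continue // same vulnerability already reported by another source
		}
		seen[k] = true
		out = append(out, f)
	}
	return out
}

// sampleFindings returns constructed data; the CVE IDs are placeholders.
func sampleFindings() []Finding {
	return []Finding{
		{"CVE-0000-0001", "example-lib", "1.0.0", "GitLab Advisory Database"},
		{"CVE-0000-0001", "example-lib", "1.0.0", "GitHub Security Advisories"},
		{"CVE-0000-0001", "example-lib", "2.0.0", "GitHub Security Advisories"},
		{"CVE-0000-0002", "example-lib", "1.0.0", "GitLab Advisory Database"},
	}
}

func main() {
	for _, f := range Dedupe(sampleFindings()) {
		fmt.Printf("%s %s@%s (%s)\n",
			f.VulnerabilityID, f.PkgName, f.InstalledVersion, f.Source)
	}
}
```

Without the installed version in the key, the third sample record would be dropped and the report would hide the vulnerable 2.0.0 copy.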

douglasduteil added a commit to SocialGouv/docker that referenced this pull request May 12, 2021
@knqyf263 knqyf263 changed the title from "Fix duplicate Rule in sarif template" to "fix(vuln) unique vulnerabilities from different data sources" May 12, 2021
@knqyf263 knqyf263 merged commit e26e39a into aquasecurity:main May 12, 2021
liamg pushed a commit that referenced this pull request Jun 7, 2022
* Fix duplicate Rule in sarif template

* Fix integration tests

* Fixed tests

* Update certs validity up to 2100

* Moved deduplication logic to Filter

* Fix linting issue

* Fix linting issue

* fix: deduplicate vulnerabilities

* refactor

* fix: add installed versions to uniq keys

* Fix tests

* Fix Unit tests.

* Revert port change

Co-authored-by: knqyf263 <[email protected]>