Stage/vuls
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

breaking-change(cpescan): Improve Cpe scan (#1290)

Browse Source 
* chore(cpescan): enable to pass useJvn to detector.DetectCpeURIsCves()

* review comment

* chore: go mod update go-cve

* feat(cpescan): set JvnVendorProductMatch to confidence If detected by JVN

* add NvdExactVersionMatch andd NvdRoughVersionMatch

* add confidence-over option to report

* sort CveContetens

* fix integration-test
This commit is contained in:
Kota Kanbe
2021-09-07 16:18:59 +09:00
committed by GitHub
parent b9416ae062
commit 3e67f04fe4
24 changed files with 766 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
reporter/util.go
View File

@@ -348,7 +348,7 @@ No CVE-IDs are found in updatable packages.
data = append(data, []string{"Mitigation", m.URL})
}
links := vuln.CveContents.PrimarySrcURLs(r.Lang, r.Family, vuln.CveID)
links := vuln.CveContents.PrimarySrcURLs(r.Lang, r.Family, vuln.CveID, vuln.Confidences)
for _, link := range links {
data = append(data, []string{"Primary Src", link.Value})
}