-
We have enabled a few "firewall" style rules in github and we should make sure that if we need access to specific urls for purl2cpe downloads that those are added to the appropriate github actions.
…
-
### Description
As briefly discussed in #4058 ([this comment](https://github.com/intel/cve-bin-tool/issues/4058#issuecomment-2132269471) and further on), it seems like the `gcc` checker only report…
-
* Related #3550
# cve-bin-tool: Product Mapping using PURLs
## Project description
CVE Binary Tool needs to identify components in order to scan for vulnerabilities, but uniquely identifying …
-
I've now hit two cases where find_vendor is finding a product with the same name but different version numbers:
- https://github.com/intel/cve-bin-tool/issues/3179
- https://github.com/intel/cve-b…
-
Hi
I have launched cve-bin-tool 3.3 on an old JAVA Spring 4 project, there is no exécution error, but report is empty ??
Severity │ Count │
├──────────┼───────┤
│ CRITICAL │ 0 │
│ HIGH …
-
**Describe the bug**
When searching for CVE-2022-30187, there is only a single result belonging to GHSA being presented.
https://osv.dev/vulnerability/GHSA-64x4-9hc6-r2h6
The GHSA entry doesn't…
-
Please add PURL as a unique identifier to the schema as there is currently no way to identify software component vulnerabilities without a PURL lookup. https://github.com/package-url/purl-spec
-
In addition to PURLs, from time to time there are inquiries to also track CPEs in ORT's data model, e.g. in order to let the advisor query vulnerability providers that only understand CPEs.
Open qu…
-
Hello,
I find out your project by googling and it seems great. I would like to use it in other open sources such as [cve-bin-tool](https://github.com/intel/cve-bin-tool). However, it seems that the…
-
GSoC 2024 has been officially announced and the schedule is up here:
https://developers.google.com/open-source/gsoc/timeline
We'll want to have some _viable_ ideas nailed down around the end of Ja…