Closed msmeissn closed 6 days ago
CVE lines now look like:
<cve impact="high" cvss3="7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" href="https://www.suse.com/security/cve/CVE-2002-20001/">CVE-2002-20001 at SUSE</cve>
<cve impact="high" cvss3="7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" href="https://nvd.nist.gov/vuln/detail/CVE-2002-20001">CVE-2002-20001 at NVD</cve>
Hi @msmeissn, thank you for the heads up. When will the .gz files stop being generated? It should be an easy enough change on our side but it would be helpful to know when the change will happen. Thanks!
Dev note: change .gz to .bz2 here: https://github.com/anchore/vunnel/blob/44df4e25300a4450211301f7349c0ec8c891e026/src/vunnel/providers/sles/parser.py#L49
Also, it looks like we will need to update the severities here:
https://github.com/anchore/vunnel/blob/main/src/vunnel/providers/sles/parser.py#L39
I currently have no timeline for discontinuing .gz format, as I do not know all the users. So at least a year I would say
What would you like to be added:
Why is this needed:
changes on SUSE side.
Additional context: