aquasecurity / trivy-db

Apache License 2.0

fix(ghsa): return Rust advisories #355

Closed DmitriyLewen closed 12 months ago

DmitriyLewen commented 12 months ago

Description

After #345 changes we added a check of ecosystems for OSV - https://github.com/aquasecurity/trivy-db/blob/d5388c99ca492bf0c8822b27a2e5190794543bb5/pkg/vulnsrc/osv/osv.go#L143-L146
GHSA uses the Rust ecosystem - https://github.com/aquasecurity/trivy-db/blob/d5388c99ca492bf0c8822b27a2e5190794543bb5/pkg/vulnsrc/ghsa/ghsa.go#L32
OSV uses the Cargo ecosystem - https://github.com/aquasecurity/trivy-db/blob/d5388c99ca492bf0c8822b27a2e5190794543bb5/pkg/vulnsrc/osv/osv.go#L345-L346

That is why we don't save Rust advisories.

Result DB:

knqyf263 commented 12 months ago

@DmitriyLewen I've removed the Rust const so we will not make this kind of mistake. If I understand correctly, it is not used outside of GHSA. Please correct me if I'm wrong.

DmitriyLewen commented 12 months ago

If I understand correctly, it is not used outside of GHSA

You are right. Trivy and Trivy-db don't use this constant. We can remove it.

knqyf263 commented 12 months ago

Thanks for confirming. And I explicitly split GHSA ecosystems and Trivy ecosystems as it was confusing. If it looks good to you, I'll merge this PR.

DmitriyLewen commented 12 months ago

I explicitly split GHSA ecosystems and Trivy ecosystems as it was confusing

This is a better way than mine. Thanks for the help! Let's merge this PR.
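The failure described in the PR description (GHSA says "Rust", OSV says "Cargo", so the ecosystem check silently discards every Rust advisory) and the agreed fix (keep GHSA ecosystem names separate from Trivy's and translate explicitly) side by side, as an added illustration that is not trivy-db code; the constants, `Advisory` type, `ghsaToTrivy` table and sample records are constructed stand-ins.

```go
package main

import "fmt"

// GHSA calls the ecosystem "Rust", OSV calls it "Cargo" (constructed
// stand-ins for the trivy-db constants in pkg/vulnsrc/ghsa and osv).
const GHSARust, OSVCargo = "Rust", "Cargo"

type Advisory struct{ ID, Ecosystem, Package string }

// filterBeforeFix models the bug: GHSA records are checked against a set of
// OSV names, so "Rust" never matches "Cargo" and Rust advisories vanish silently.
func filterBeforeFix(advs []Advisory, osvEcosystems map[string]bool) []Advisory {
	var kept []Advisory
	for _, a := range advs {
		if osvEcosystems[a.Ecosystem] {
			kept = append(kept, a)
		}
	}
	return kept
}

// ghsaToTrivy keeps GHSA names separate from Trivy names via an explicit
// translation table (hypothetical entries, not the project's own list).
var ghsaToTrivy = map[string]string{GHSARust: OSVCargo, "npm": "npm"}

// filterAfterFix translates each ecosystem and reports, rather than drops,
// any advisory whose ecosystem has no mapping, so a rename cannot hide data loss.
func filterAfterFix(advs []Advisory) (kept []Advisory, unmapped []string) {
	for _, a := range advs {
		eco, ok := ghsaToTrivy[a.Ecosystem]
		if !ok {
			unmapped = append(unmapped, a.ID+" ("+a.Ecosystem+")")
			continue
		}
		a.Ecosystem = eco
		kept = append(kept, a)
	}
	return kept, unmapped
}

// sampleAdvisories is constructed input: one Rust, one npm, one unknown ecosystem.
func sampleAdvisories() []Advisory {
	return []Advisory{{"GHSA-ex-rust", GHSARust, "crate"}, {"GHSA-ex-npm", "npm", "pkg"}, {"GHSA-ex-new", "NewEco", "x"}}
}

func main() {
	kept, unmapped := filterAfterFix(sampleAdvisories())
	fmt.Println(len(filterBeforeFix(sampleAdvisories(), map[string]bool{OSVCargo: true, "npm": true})), len(kept), unmapped)
}
```

Running it prints the pre-fix count (1, the Rust advisory lost), the post-fix count (2) and the unmapped record that now surfaces instead of disappearing.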

knqyf263 commented 12 months ago

Kicked https://github.com/aquasecurity/trivy-db/actions/runs/6258596006