fix(sbom): detect OS from `purl` if OS component not found - Githubissues

aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

https://aquasecurity.github.io/trivy

Apache License 2.0

22.31k stars 2.2k forks source link

fix(sbom): detect OS from `purl` if OS component not found #7101

Open DmitriyLewen opened 2 weeks ago

DmitriyLewen commented 2 weeks ago

Description

There are cases when SBOM file doesn't contain OS component. To avoid missing OS packages -we can try to get OS from purl. More details - https://github.com/aquasecurity/trivy/discussions/7073#discussioncomment-9932362

Related issues

Close #7100

Checklist

[x] I've read the guidelines for contributing to this repository.
[x] I've followed the conventions in the PR title.
[x] I've added tests that prove my fix is effective or that my feature works.
[ ] I've updated the documentation with the relevant information (if needed).
[ ] I've added usage information (if the PR introduces new options)
[ ] I've included a "before" and "after" example to the description (if the PR is a user interface change).