google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0

Select a version that actually exists #1012

Closed another-rex closed 4 months ago

another-rex commented 4 months ago

The version of zlib (in the purl) seems to be randomly selected for testing purposes (1.2.10-r2), as it doesn't match the rest of the SBOM. The problem is that a particular version never existed, and only showed up because it was incorrectly enumerated in osv.dev.

Now that the version enumeration has been fixed, it causes different results to show up in the testing snapshot.

This PR makes all the version numbers for zlib in the SBOM consistent, and sets it to 1.2.10-r0 which actually exists. (And the snapshot will not change when the fixed alpine enumeration moves to production.)
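The inconsistency this PR corrects (one purl in the SBOM carrying a zlib version that differs from its siblings) is easy to catch before a snapshot is committed. The following is an added example, not osv-scanner's own code: a minimal purl splitter plus a check that reports any package listed under more than one version; the sample purls are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// splitPurl returns a purl's "type/namespace/name" and version, ignoring
// qualifiers and subpath. Constructed helper, not osv-scanner's own code.
func splitPurl(s string) (pkg, version string, err error) {
	rest := strings.TrimPrefix(s, "pkg:")
	rest, _, _ = strings.Cut(rest, "#") // subpath is irrelevant here
	rest, _, _ = strings.Cut(rest, "?") // so are qualifiers such as arch=
	pkg, version, _ = strings.Cut(rest, "@")
	if !strings.HasPrefix(s, "pkg:") || version == "" || !strings.Contains(pkg, "/") {
		return "", "", fmt.Errorf("malformed purl, need pkg:type/name@version: %q", s)
	}
	return pkg, version, nil
}
// inconsistentVersions keeps only packages seen under more than one version.
func inconsistentVersions(purls []string) (map[string]map[string]bool, error) {
	seen := map[string]map[string]bool{}
	for _, s := range purls {
		pkg, version, err := splitPurl(s)
		if err != nil {
			return nil, err
		}
		if seen[pkg] == nil {
			seen[pkg] = map[string]bool{}
		}
		seen[pkg][version] = true
	}
	for pkg, versions := range seen {
		if len(versions) < 2 { // consistent; deleting during range is safe
			delete(seen, pkg)
		}
	}
	return seen, nil
}

// Constructed sample: zlib listed twice with differing Alpine revisions.
var sampleSBOMPurls = []string{
	"pkg:apk/alpine/zlib@1.2.10-r0?arch=x86_64",
	"pkg:apk/alpine/zlib@1.2.10-r2?arch=x86_64",
	"pkg:apk/alpine/musl@1.2.3-r0?arch=x86_64",
}
func main() {
	bad, err := inconsistentVersions(sampleSBOMPurls)
	fmt.Println(bad, err) // map[apk/alpine/zlib:map[1.2.10-r0:true 1.2.10-r2:true]] <nil>
}
```

Whether a version actually exists is a separate question that needs the distribution's package index or osv.dev; this check only surfaces entries that disagree with each other, which is how the stray 1.2.10-r2 would have been noticed.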

codecov-commenter commented 4 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 64.96%. Comparing base (854cb01) to head (17ba466).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1012   +/-   ##
=======================================
  Coverage   64.96%   64.96%
=======================================
  Files         149      149
  Lines       12259    12259
=======================================
  Hits         7964     7964
  Misses       3844     3844
  Partials      451      451
```
