intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
https://cve-bin-tool.readthedocs.io/en/latest/
GNU General Public License v3.0
1.23k stars 464 forks

CI: refactor tests to separate out direct NVD connections #4044

Open terriko opened 7 months ago

terriko commented 7 months ago

I'm collapsing a few older issues into a single one:

Our tests currently use a cache of NVD that's stored in GitHub, and we've done some work in separating out places where we need network connections, but it's been some time since we looked through it all. We aren't currently using our own mirror for much because it was developed after the tests were last revamped, but if we turn off the NVD_API_KEY on some jobs it will default to that.

I'd like to think about how we should refactor the tests to

This is an issue best tackled by someone who's gotten some experience using the test suite, so probably not suitable for a beginner but anyone who's got a few PRs under their belt likely has an opinion about the test suite and could take a stab at it.
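One way to make the "which tests need a live NVD connection" split explicit, as an added example that is not cve-bin-tool's own test code and not part of the discussion above: a small data-source selector plus a pytest marker/skip hook. NVD_API_KEY is the variable the thread mentions; the CVE_TEST_OFFLINE switch, the Source enum, the marker names network and nvd_direct, and all helper names are assumptions made here for illustration.

```python
# Added example, not cve-bin-tool's own test code. It sketches one way to
# separate tests by the data source they need, so that CI jobs without an
# NVD_API_KEY (or without any network at all) still run the rest of the suite.
# Assumed, not from the project: CVE_TEST_OFFLINE, the Source enum, the
# marker names "network" and "nvd_direct", and the helper function names.
import os
from enum import Enum

try:
    import pytest  # only needed for the conftest hooks at the bottom
except ImportError:  # keep the decision logic importable without pytest
    pytest = None


class Source(Enum):
    CACHE = "cache"    # snapshot of NVD data checked into the repo; no network
    MIRROR = "mirror"  # project-run mirror; network, but no API key required
    NVD = "nvd"        # direct NVD API; requires NVD_API_KEY


def choose_source(env=None):
    """Pick the vulnerability data source for this test run.

    Precedence: an explicit offline switch wins, then a direct NVD key,
    otherwise fall back to the mirror (the tool's own behaviour when
    NVD_API_KEY is unset, per the issue text).
    """
    env = os.environ if env is None else env
    if env.get("CVE_TEST_OFFLINE", "") == "1":
        return Source.CACHE
    if env.get("NVD_API_KEY", "").strip():
        return Source.NVD
    return Source.MIRROR


# Which sources satisfy each marker. A test with no marker runs everywhere.
_MARKER_NEEDS = {
    "network": {Source.MIRROR, Source.NVD},  # any live connection will do
    "nvd_direct": {Source.NVD},              # must talk to NVD itself
}


def skip_reason(markers, source):
    """Return a skip message if a test with `markers` cannot run on `source`, else None."""
    for name in markers:
        allowed = _MARKER_NEEDS.get(name)
        if allowed is not None and source not in allowed:
            return f"test needs {name} but this run is configured for {source.value}"
    return None


def partition(tests, source):
    """Split (name, markers) pairs into (runnable, skipped) name lists for a source."""
    runnable, skipped = [], []
    for name, markers in tests:
        (skipped if skip_reason(markers, source) else runnable).append(name)
    return runnable, skipped


# conftest.py wiring: tag tests with @pytest.mark.network or
# @pytest.mark.nvd_direct and let the hook skip the ones this run cannot serve.
if pytest is not None:
    def pytest_configure(config):
        for name in _MARKER_NEEDS:
            config.addinivalue_line("markers", f"{name}: needs the {name} data source")

    def pytest_collection_modifyitems(config, items):
        source = choose_source()
        for item in items:
            names = {m.name for m in item.iter_markers()}
            reason = skip_reason(names, source)
            if reason:
                item.add_marker(pytest.mark.skip(reason=reason))


if __name__ == "__main__":
    # Constructed sample: three tests with different needs, run in each mode.
    sample = [
        ("test_parse_sbom", set()),
        ("test_mirror_sync", {"network"}),
        ("test_nvd_api_paging", {"network", "nvd_direct"}),
    ]
    for env in ({"CVE_TEST_OFFLINE": "1"}, {}, {"NVD_API_KEY": "x"}):
        src = choose_source(env)
        print(src.value, partition(sample, src))
```

The point of keeping the decision in pure functions (choose_source, skip_reason) is that the CI matrix becomes three environment settings rather than three copies of the test list, and a job that unsets NVD_API_KEY exercises the mirror path instead of silently hitting NVD.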

terriko commented 7 months ago

While refactoring, we might also want to consider what we should do about potentially separating our test db and our scanning db going forwards:

mastersans commented 7 months ago

@terriko I'd like to work on this

terriko commented 3 months ago

Moving this to future. I still intend to revisit it but not before the 3.4 pre-release happens.