intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
https://cve-bin-tool.readthedocs.io/en/latest/
GNU General Public License v3.0

Release version parser as separate library on pypi? #4081

Open terriko opened 6 months ago

terriko commented 6 months ago

This is more for me than anyone else:

When I was looking for a good generic version parser in Python, I tried a few different libraries before (reluctantly) writing the parser we are using as of the 3.3 release.

I think it would probably be nice to release it as a separate library on PyPI so people could use it directly without having to install cve-bin-tool, in case anyone else has the same problem I had for handling non-PEP 440-compliant versions.

This issue is a reminder to me to see if the best route is to split it out as a separately-maintained library, or if there's any reasonable way of having build scripts or something to let me do it while keeping the file here.

terriko commented 6 months ago

More thoughts:

Before I get around to releasing this separately...