Open r-vdp opened 1 month ago
Definitely sounds like a bug. Not sure off the top of my head why this might happen.
@mastersans while you've been poking around in triage stuff for the refactoring, did you see anything that might have caused this?
@terriko I am not sure what is causing this issue for now. I'll look into it while handling improving the triaging process; for now I have only looked into parsing and generation in detail.
I've been working on this today and I may have a solution. I need to clean up the code a bit and then I'll make a PR.
I put up #4160 for this.
Description
I have a CycloneDX SBOM file like this one, with only one component to keep it short:
I then run cve-bin-tool and generate a triage file with:
and I get the following triage file with 4 vulnerabilities listed:
If I then remove one of the vulnerabilities manually and run the same command with the triage file,
the removed vulnerability is not added again to the triage file.
To reproduce
See above.
Expected behaviour: missing entries are added again
Actual behaviour: missing entries are not added again
Version/platform info
Version of CVE-bin-tool (e.g. output of cve-bin-tool --version): 3.3
Installed from pypi or github? from nixpkgs
Operating system: Linux framework 6.9.3 #1-NixOS SMP PREEMPT_DYNAMIC Thu May 30 07:45:04 UTC 2024 x86_64 GNU/Linux
Python version: Python 3.11.9
Anything else?