sonatype-nexus-community / jake

Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.
https://jake.readthedocs.io/
Apache License 2.0

OSS: Exclude qualifiers for Conda packages #146

Open riccardoporreca opened 10 months ago

riccardoporreca commented 10 months ago

Including qualifiers for Conda packages (build nr., channel, etc.) in the Package URL used to retrieve the vulnerability report from the OSS index causes no vulnerabilities to be detected. This can be seen as a way to mitigate sonatype-nexus-community/ossindex-python#19 on the OSS index side

This pull request makes the following changes:

It relates to the following issue #145

cc @bhamail / @DarthHater
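To make the change described above concrete, here is an added Python example (not code from this pull request or from the jake project) that strips the qualifier section of a Package URL for a chosen set of purl types, conda by default, while leaving other ecosystems untouched. The function names, the `types` parameter and the sample purls are assumptions constructed for illustration; the purl grammar used is the public one, `pkg:type/namespace/name@version?qualifiers#subpath`. The batch helper also returns the qualifiers it removed so a caller can log them instead of silently losing the build string and channel.

```python
"""Strip Package URL (purl) qualifiers before querying a vulnerability index.

Added example, not code from the jake project or this pull request.
purl grammar: pkg:type/namespace/name@version?qualifiers#subpath
All sample purls in this file are constructed for illustration.
"""
from urllib.parse import parse_qsl

PURL_SCHEME = "pkg:"


def split_purl(purl: str):
    """Split a purl into (base, qualifiers, subpath).

    base       -> 'pkg:type/namespace/name@version'
    qualifiers -> raw 'key=value&key=value' string ('' if absent)
    subpath    -> raw text after '#' ('' if absent)
    """
    if not purl.startswith(PURL_SCHEME):
        raise ValueError(f"not a Package URL: {purl!r}")
    rest, _, subpath = purl.partition("#")
    base, _, qualifiers = rest.partition("?")
    return base, qualifiers, subpath


def purl_type(purl: str) -> str:
    """Return the purl type, e.g. 'conda' for 'pkg:conda/absl-py@0.4.1'."""
    base, _, _ = split_purl(purl)
    return base[len(PURL_SCHEME):].split("/", 1)[0]


def parse_qualifiers(purl: str) -> dict:
    """Return the qualifiers as a dict (empty if the purl has none)."""
    _, qualifiers, _ = split_purl(purl)
    return dict(parse_qsl(qualifiers, keep_blank_values=True))


def strip_purl_qualifiers(purl: str) -> str:
    """Drop the '?...' qualifier section, keeping type/name/version and subpath."""
    base, _, subpath = split_purl(purl)
    return base + ("#" + subpath if subpath else "")


def normalize_for_index(purl: str, types=("conda",)) -> str:
    """Strip qualifiers only for the listed purl types (conda by default).

    Hypothetical helper: other ecosystems pass through unchanged, so only the
    conda coordinates lose their build/channel/subdir qualifiers.
    """
    return strip_purl_qualifiers(purl) if purl_type(purl) in types else purl


def normalize_batch(purls):
    """Normalize a list of coordinates and report what was dropped.

    Returns (normalized, dropped): `dropped` maps each rewritten purl to the
    qualifier dict that was removed, so it can be logged rather than lost.
    """
    normalized, dropped = [], {}
    for purl in purls:
        fixed = normalize_for_index(purl)
        if fixed != purl:
            dropped[purl] = parse_qualifiers(purl)
        normalized.append(fixed)
    return normalized, dropped


if __name__ == "__main__":
    # Constructed sample: one conda purl carrying build, channel and subdir
    # qualifiers, next to a pypi purl that must be left alone.
    sample = [
        "pkg:conda/absl-py@0.4.1?build=py36h06a4308_0&channel=main&subdir=linux-64&type=tar.bz2",
        "pkg:pypi/django@1.11.1",
    ]
    fixed, dropped = normalize_batch(sample)
    for before, after in zip(sample, fixed):
        print(f"{before}\n  -> {after}")
    print("dropped qualifiers:", dropped)
```

Running the module prints each coordinate before and after normalization; the conda purl collapses to `pkg:conda/absl-py@0.4.1` while the pypi purl is unchanged. Keeping the removed qualifiers in `dropped` matters because the build string and channel are exactly what distinguishes two otherwise identical conda artifacts, so a scanner should record them even though the index lookup is done without them.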

sonarcloud[bot] commented 10 months ago

SonarCloud Quality Gate failed.

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell C 1 Code Smell

No Coverage information
0.0% Duplication


riccardoporreca commented 10 months ago

@bhamail, @DarthHater I am keeping this as Draft without bothering about the failed tests, just to propose a possible quick (and dirty) approach. Happy to follow up in any direction you suggest