Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: do not panic on cdx output from PURL file #2328

Merged
merged 3 commits into from
Dec 13, 2024

Conversation

willmurphyscode
Copy link
Contributor

Previously, for formats that attempted to nest vulnerabilities within an SBOM, such as CycloneDX, scanning a PURL would panic because no SBOM was ever instantiated. Instantiate the SBOM.

Fixes #2324

Previously, for formats that attempted to nest vulnerabilities within an
SBOM, such as CycloneDX, scanning a PURL would panic because no SBOM was
ever instantiated. Instantiate the SBOM.

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
spiffcs
spiffcs previously approved these changes Dec 12, 2024
@spiffcs spiffcs self-requested a review December 12, 2024 21:55
@spiffcs spiffcs dismissed their stale review December 12, 2024 21:55

Paired and approved - we need another test for the different formats. Only fixed cdx

@willmurphyscode
Copy link
Contributor Author

Turns out this did not fix sarif. Back to draft.

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs spiffcs enabled auto-merge (squash) December 13, 2024 15:33
@spiffcs spiffcs merged commit 4855fce into main Dec 13, 2024
10 checks passed
@spiffcs spiffcs deleted the fix-no-panic-on-cdx-purl-input branch December 13, 2024 15:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Grype panics on certain output formats for PURL inputs
2 participants