CVE scan on cve-bin-tool's requirements and HTML report dependencies #1113
Conversation
Should I move the CSV file to a specific directory or keep it at root?
Codecov Report
@@            Coverage Diff             @@
##             main    #1113      +/-   ##
==========================================
+ Coverage   86.59%   86.80%   +0.21%
==========================================
  Files         177      183       +6
  Lines        2998     3031      +33
  Branches      333      333
==========================================
+ Hits         2596     2631      +35
+ Misses        320      319       -1
+ Partials       82       81       -1
Made the changes according to the recommendations from the meet!
Switched to
from the We might need to think about switching from
Thought the test would fail on JQuery, but before running the scan on the HTML report dependencies cve-bin-tool found a CVE on reportlab. And it seems like all versions of reportlab are affected by CVE-2020-28463.
Most of these are just nitpicking, but if you change the setup-python version, word capitalization and pip usage, you might as well change it in the other jobs, unless the maintainers decide it is better to separate the changes.
Codecov Report
@@            Coverage Diff             @@
##             main    #1113      +/-   ##
==========================================
- Coverage   86.59%   80.41%   -6.18%
==========================================
  Files         177      196      +19
  Lines        2998     3354     +356
  Branches      333      375      +42
==========================================
+ Hits         2596     2697     +101
- Misses        320      559     +239
- Partials       82       98      +16
PR is updated to scan a single cached CSV file and all CVEs are now shown in that run (failed test).
Co-authored-by: Dmitry Volodin <[email protected]>
If I understand caching correctly, this (not an internal GitHub Actions error) failed because:
Yup, there was no existing cache directory. So I changed the test to create a cache directory if it doesn't exist.
I thought the same too. But it's actually a problem with the directory not existing, not the file. Since if the file doesn't exist while using open in
Cover cases for when csv file is not in sync with txt file and split the error messages for improved reading.
Add single run of cve-bin-tool to produce a cache folder properly and remove the check for cache directory.
Save the .csv file to the root of the project directory instead of cache directory.
The CSV file is compiled with vendor and product columns from the packages in requirements.txt and the HTML report dependencies.
closes #1111 and closes #809