Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable NVD cache search without SBOM #18

Open
4 tasks done
mdingwall opened this issue Jan 3, 2025 · 0 comments · May be fixed by #19
Open
4 tasks done

Enable NVD cache search without SBOM #18

mdingwall opened this issue Jan 3, 2025 · 0 comments · May be fixed by #19
Assignees
@mdingwall
Labels
enhancement New feature or request

Comments

@mdingwall
Copy link
Collaborator

mdingwall commented Jan 3, 2025
edited
Loading

Need to add the ability to make the CveMatcher class be given a list of CPEs to search for. This should allow it to find packages without the need for an SBOM document.

Tasks:

  • Look at changing the CveMatcher.init() method to no longer take an SPDXDocument at initialization.
  • Add properties for an SPDXDocument or CPEList.
  • Move the SPDXDocument processing from CveMatcher.init() into a new method that is called by the user.
  • Make new usage pattern for CveMatcher: 
    ...
# Rough pseudo code
matcher = CveMatcher(VulnerabilityDabase.path())
if args.file:
  sbom_file = SpdxDocument.open(args.file) # this is not workable code, assumes only a single SPDX file
  matcher.spdx_document = sbom_file
elif len(args.packages) > 0:
  #package_list = process_packages_to_cpes(args.packages)
  #matcher.package_list = package_list
  for package in args.packages:
    matcher.add_package(process_package_arg(package))
matcher.process()
@mdingwall mdingwall added the enhancement New feature or request label Jan 3, 2025
@mdingwall mdingwall self-assigned this Jan 3, 2025
This was referenced Jan 3, 2025
Open
Draft
@mdingwall mdingwall linked a pull request Jan 6, 2025 that will close this issue
Enable NVD cache search without SBOM #19
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mdingwall mdingwall

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Enable NVD cache search without SBOM integratedcomputersolutions/ics-sbom-libs
1 participant
@mdingwall