[BUG] No reported vulnerability for conda packages #145

Open
riccardoporreca opened this issue Nov 6, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@riccardoporreca

Describe the bug
I am reporting here the effect of an issue I believe is rather related to the OSS Index itself (see sonatype-nexus-community/ossindex-python#19 for details), to make this visible to jake users and to check whether there are any mitigating actions that can possibly be done in jake itself.

To Reproduce

  1. Run
    echo "https://repo.anaconda.cloud/repo/main/linux-64/pandas-1.2.5-py39h295c915_0.conda#65bb716eebef11437dd18f0a5902a43b" \
      | jake ddt -t CONDA
  2. No vulnerabilities reported
    🐍 Collected 1 packages from provided specs                          ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
    🐍 Successfully queried OSS Index for package and vulnerability info ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
    🐍 Sane number of results from OSS Index                             ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
    🐍 Munching & crunching data...                                      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
    
    
                        Summary                     
    ┏━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
    ┃ Audited Dependencies ┃ Vulnerabilities Found ┃
    ┡━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
    │ 1                    │ 0                     │
    └──────────────────────┴───────────────────────┘
    
    despite what is reported at https://ossindex.sonatype.org/component/pkg:conda/pandas@1.2.5 (or using the REST API with pkg:conda/pandas@1.2.5)

Expected behavior
Vulnerabilities that exist in the OSS Index should be reported

Desktop (please complete the following information):

  • OS: Red Hat Enterprise Linux 8 (Ootpa)
  • Python Version: 3.11.5
  • Jake Version: 3.0.1

Additional context
Add any other context about the problem here.

@riccardoporreca riccardoporreca added the bug Something isn't working label Nov 6, 2023
riccardoporreca added a commit to riccardoporreca/jake that referenced this issue Nov 6, 2023
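A useful cross-check when triaging a report like this is to confirm which package coordinates a conda URL actually resolves to before blaming the index. The following is an added example, not code from jake or ossindex-python: it turns the conda URL from the report into the `pkg:conda/<name>@<version>` purl that the OSS Index component page uses and builds the JSON body for a component-report lookup; the helper names and the `{"coordinates": [...]}` body shape are assumptions, and nothing is sent over the network.

```python
import json
import re
from urllib.parse import unquote, urlparse

# Constructed sample input: the conda URL from the report above.
SAMPLE_URL = ("https://repo.anaconda.cloud/repo/main/linux-64/"
              "pandas-1.2.5-py39h295c915_0.conda#65bb716eebef11437dd18f0a5902a43b")

# Conda archive names are <name>-<version>-<build>.(conda|tar.bz2). The name may
# itself contain hyphens (e.g. scikit-learn), so version and build are anchored
# from the right; conda versions and build strings never contain a hyphen.
_CONDA_FILE = re.compile(
    r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<build>[^-]+)\.(conda|tar\.bz2)$"
)


def conda_url_to_purl(url: str) -> str:
    """Return the pkg:conda purl (name@version, build dropped) for a conda package URL.

    Hypothetical helper for this example. The '#<md5>' fragment is discarded because
    urlparse() separates it from the path before the filename is read.
    """
    path = urlparse(url).path
    filename = unquote(path.rsplit("/", 1)[-1])
    match = _CONDA_FILE.match(filename)
    if match is None:
        raise ValueError(f"not a conda package filename: {filename!r}")
    return f"pkg:conda/{match['name']}@{match['version']}"


def ossindex_request_body(purls) -> str:
    """JSON body for an OSS Index component-report lookup.

    Assumed request shape: a JSON object with a 'coordinates' list of purls.
    """
    return json.dumps({"coordinates": list(purls)})


if __name__ == "__main__":
    purl = conda_url_to_purl(SAMPLE_URL)
    print(purl)                               # expected: pkg:conda/pandas@1.2.5
    print(ossindex_request_body([purl]))
```

Comparing the printed purl with the component page linked in the report shows whether the coordinates jake derives from a conda URL match the ones the index has data for.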