Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix CPE generation for k8s python client #1921

Merged
merged 2 commits into from
Jul 10, 2023
Merged

Conversation

luhring
Copy link
Contributor

@luhring luhring commented Jul 7, 2023

I was seeing the Python K8s client library getting the CPE ...:kubernetes:kubernetes:..., which is for Kubernetes itself.

I've been looking through NVD, and I don't think there's actually a CPE assigned yet for the Python client, but they use ...:kubernetes:java:... for the Java client, so it seemed like a good move to avoid using the kubernetes product for the Python library (and assume that the product would most likely be something like python).

@luhring
Copy link
Contributor Author

luhring commented Jul 7, 2023

This CI failure seems unrelated 🤔 make unit passes for me locally...

--- FAIL: TestHandler_handleAttestationStarted (0.00s)
    --- FAIL: TestHandler_handleAttestationStarted/attesting_in_progress (0.00s)
        --- FAIL: TestHandler_handleAttestationStarted/attesting_in_progress/log (0.00s)
            handle_attestation_test.go:122: Message: ui.attestLogFrameTickMsg {Time:2023-07-07 16:44:22.114146643 +0000 UTC m=+0.013199686 Sequence:0 ID:2252984603}
            handle_attestation_test.go:122: Message: tea.BatchMsg [0x637080]
            handle_attestation_test.go:127: 
            handle_attestation_test.go:1[28](https://github.com/anchore/syft/actions/runs/5488646137/jobs/10001775887?pr=1921#step:9:29): 
                - Snapshot - 3
                + Received + 0
                
                -      ░░ contents
                -      ░░ of
                -      ░░ stuff!

@too-gee
Copy link

too-gee commented Jul 7, 2023

Could be related to this?

* main:
  chore: update iterations to protect against race (anchore#1927)
  chore(deps): update bootstrap tools to latest versions (anchore#1922)
  fix: Don't use the actual redis or grpc CPEs for gems (anchore#1926)
@spiffcs spiffcs enabled auto-merge (squash) July 10, 2023 15:48
@spiffcs spiffcs merged commit 9744f4c into anchore:main Jul 10, 2023
@luhring luhring deleted the python-k8s-fps branch July 10, 2023 15:55
spiffcs added a commit that referenced this pull request Jul 11, 2023
* main:
  feat: CLI flag for directory base (#1867)
  Fix CPE gen for k8s python client (#1921)
  chore: update iterations to protect against race (#1927)
  chore(deps): update bootstrap tools to latest versions (#1922)
  fix: Don't use the actual redis or grpc CPEs for gems (#1926)
  fix(install): return with right error code (#1915)
  Remove erroneous Java CPEs from generation (#1918)
  chore(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1916)
  Switch UI to bubbletea (#1888)
  fix: use filepath.EvalSymlinks if os.Readlink fails to evaluate the link (#1884)
  add file source digest support (#1914)
  chore(deps): update bootstrap tools to latest versions (#1908)
  chore(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1912)
  chore(deps): bump golang.org/x/term from 0.9.0 to 0.10.0 (#1913)
  doc(readme): add installation section with scoop (#1909)
  Refactor source API (#1846)
  chore(deps): update bootstrap tools to latest versions (#1905)
@spiffcs spiffcs added the enhancement New feature or request label Jul 12, 2023
@kzantow kzantow linked an issue Aug 10, 2023 that may be closed by this pull request
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Signed-off-by: Dan Luhring <[email protected]>
Co-authored-by: Christopher Phillips <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

PyPI Kubernetes library generating invalid CPE kubernetes:kubernetes
3 participants