anchore/vunnel

Issues

• Switch RedHat vulnerability provider from OVAL to CSAF

  #323 opened a year ago by westonsteimel
  3

• schemas version 2 wishlist

  #266 opened a year ago by westonsteimel
  5

• Enhance SLES provider to pull in oval data on unfixed packages

  #626 opened 6 months ago by westonsteimel
  4

• providers should download small files concurrently

  #700 opened 3 months ago by willmurphyscode
  0

• There should be an easier way to add test cases for providers

  #653 opened 5 months ago by willmurphyscode
  2

• Test: add quality gate for percentage of namespaces exercised by at least one test image

  #308 opened a year ago by spiffcs
  0

• chore: replace frequenty used dict literals with data classes

  #644 opened 6 months ago by willmurphyscode
  1

• add exploit \ epss for cves

  #632 opened 6 months ago by TimBrown1611
  3

• Avoid scraping HTML in the amazon provider

  #8 opened 2 years ago by wagoodman
  1

• Potential missing CVE/package associations in database for SLES

  #655 opened 5 months ago by BenoitGui
  10

• github: persist all of the reference links in the final result

  #646 opened 6 months ago by westonsteimel
  0

• Upstream SUSE OVAL archives and CVSS data is changing

  #571 opened 6 months ago by msmeissn
  5

• Add a provider for Fedora

  #598 opened 7 months ago by wagoodman
  2

• Quality gate failing for a few days in a row

  #583 opened 8 months ago by willmurphyscode
  2

• Improve error handling of deterministic minor errors

  #544 opened 9 months ago by willmurphyscode
  0

• Wolfi and Chainguard providers and not handling download errors as expected

  #515 opened 10 months ago by dperry
  4

• Redhat `package_name` with `/` do not always reference modules

  #443 opened a year ago by wagoodman
  11

• http.get does not support exponential backoff on retries

  #415 opened a year ago by westonsteimel
  0

• Disallow all bare try-except clauses

  #310 opened a year ago by wagoodman
  1

• Make troubleshooting quality gate failures easier

  #360 opened a year ago by wagoodman
  0

• Quality gate should use `expected_namespaces` to filter results

  #359 opened a year ago by wagoodman
  0

• Every provider should have "data to vuln object" unit test

  #309 opened a year ago by willmurphyscode
  1

• Consume bitnami vulnerability data

  #332 opened a year ago by westonsteimel
  0

• Investigate using the OVAL v2 API for RHEL provider

  #16 opened a year ago by wagoodman
  1

• Add descriptions to amazonlinux vulnerability entries

  #254 opened a year ago by tomerse-sg
  0

• Add GitHub Security Advisory data for Swift

  #293 opened a year ago by westonsteimel
  0

• Add GitHub Security Advisory data for Dart packages

  #294 opened a year ago by westonsteimel
  0

• Add GitHub Security Advisory data for Erlang packages

  #300 opened a year ago by westonsteimel
  0

• Vunnel should retain "not applicable" items so that grype can use them as negative evidence

  #268 opened a year ago by willmurphyscode
  0

• amazon: improve version constraint construction for ALASKERNEL-x.x-* advisories to reduce false positive matches

  #265 opened a year ago by westonsteimel
  4

• Support Photon OS CVE Feeds

  #259 opened 4 years ago by cjnosal
  3

• rhel: handle cases where a vulnerability transitions to not-affected

  #252 opened a year ago by westonsteimel
  0

• grype showing disputed CVE in Mariner 2.0

  #246 opened a year ago by eric-desrochers
  9

• Include CVSS in GitHub Advisory data

  #75 opened 2 years ago by westonsteimel
  0

• Enhance quality gate to fail when a new provider is not configured

  #127 opened 2 years ago by wagoodman
  0

• Assets

  #102 opened 2 years ago by wagoodman
  4

• Add provider label features

  #113 opened 2 years ago by wagoodman
  0

• Migrate all provider URLs to configuration

  #81 opened 2 years ago by wagoodman
  0

• Refactor provider names to be more consistent

  #76 opened 2 years ago by wagoodman
  0

• ubuntu provider git url should be configurable

  #48 opened 2 years ago by westonsteimel
  0

• Investigate using the OVAL data for ubuntu provider

  #24 opened 2 years ago by wagoodman
  2

• Port remaining feed drivers from enterprise

  #3 opened 2 years ago by wagoodman
  1

• NVD provider taking a long time even when results are cached

  #9 opened 2 years ago by wagoodman
  0

• Use the new NVD CPE v2 API instead of the deprecated feeds

  #11 opened 2 years ago by wagoodman
  0

• Split all providers into "download" and "process" steps

  #26 opened 2 years ago by wagoodman
  0

• Normalize provider output to conform to defined in-repo schemas

  #25 opened 2 years ago by wagoodman
  1

• skip_if_exists not passed to centos parser within RHEL parser

  #17 opened 2 years ago by wagoodman
  1

• Change provider interface to separate "download" and "process" steps

  #14 opened 2 years ago by wagoodman
  0

• NVD provider crafting full CPE set from CPE dictionary

  #10 opened 2 years ago by wagoodman
  0