rubysec/bundler-audit

v0.8.0.rc1 does not print GHSA IDs for vulnerabilities with no other identifiers

mikesaelim opened this issue · 2 comments

I was looking at the changes between v0.7.0.1 and v0.8.0.rc1, to prepare the ruby_audit gem to be compatible with your upcoming release (we love your work, by the way), and I think that the Bundler::Audit::CLI::Formats::Text class lost some of the changes introduced in #217 to print out GHSA IDs. So when a vulnerability only has a GHSA ID, no identifier is printed out.

Good catch. I could add an Advisory#identifier method that returns the first available identifier (cve_id vs ghsa_id vs osvdb_id (legacy)), or we could use the Advisory#id which is derived from the advisory file-name (sans the .yml ext).
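The following is an added example, not code from bundler-audit or from anyone in this thread. It sketches in Ruby the two options described above: an Advisory#identifier that returns the first available identifier (CVE, then GHSA, then legacy OSVDB) and an Advisory#id derived from the advisory file name without the .yml extension, plus a text formatter that falls back from one to the other so an advisory with only a GHSA ID never prints an empty identifier line. The class, its field names, the YAML key layout and the sample advisories are assumptions constructed for this example; the identifiers in them are placeholders, not real vulnerabilities.

```ruby
require 'yaml'

# Added example (not bundler-audit's own code). Models an advisory record with
# the three identifier kinds discussed in the thread. Field names and the YAML
# key layout (gem/cve/ghsa/osvdb/title) are assumptions for this example.
class Advisory
  attr_reader :path, :gem, :title, :cve, :ghsa, :osvdb

  def initialize(path, data)
    @path  = path
    @gem   = data['gem']
    @title = data['title']
    @cve   = data['cve']    # assumed stored without the "CVE-" prefix
    @ghsa  = data['ghsa']   # assumed stored without the "GHSA-" prefix
    @osvdb = data['osvdb']  # legacy numeric id, may be absent
  end

  # Parse one advisory from YAML text. safe_load only builds plain scalars and
  # collections, so a hostile advisory file cannot instantiate arbitrary objects.
  def self.parse(path, yaml_text)
    new(path, YAML.safe_load(yaml_text))
  end

  # Identifier derived from the advisory file name, sans the .yml extension.
  def id
    File.basename(path, '.yml')
  end

  def cve_id
    "CVE-#{cve}" if cve
  end

  def ghsa_id
    "GHSA-#{ghsa}" if ghsa
  end

  def osvdb_id
    "OSVDB-#{osvdb}" if osvdb
  end

  # First available identifier, preferring CVE over GHSA over legacy OSVDB.
  # Returns nil only when the advisory carries none of the three.
  def identifier
    cve_id || ghsa_id || osvdb_id
  end
end

# Lines a text formatter would emit for one advisory. The symptom reported in
# the thread was a GHSA-only advisory printing no identifier at all; using
# Advisory#identifier and falling through to Advisory#id guarantees the line
# is never empty.
def format_text(advisory)
  [
    "Name: #{advisory.gem}",
    "Advisory: #{advisory.identifier || advisory.id}",
    "Title: #{advisory.title}",
  ]
end

# Constructed sample advisories with placeholder identifiers.
SAMPLE_ADVISORIES = {
  'gems/example/CVE-1999-0001.yml' => <<~YAML,
    gem: example
    cve: 1999-0001
    ghsa: aaaa-bbbb-cccc
    title: Placeholder advisory carrying both a CVE and a GHSA id
  YAML
  'gems/example/GHSA-xxxx-yyyy-zzzz.yml' => <<~YAML,
    gem: example
    ghsa: xxxx-yyyy-zzzz
    title: Placeholder advisory carrying only a GHSA id
  YAML
  'gems/example/OSVDB-1.yml' => <<~YAML,
    gem: example
    osvdb: 1
    title: Placeholder legacy advisory carrying only an OSVDB id
  YAML
}.freeze

def load_samples
  SAMPLE_ADVISORIES.map { |path, yaml| Advisory.parse(path, yaml) }
end

if $PROGRAM_NAME == __FILE__
  load_samples.each { |adv| puts format_text(adv), '' }
end
```

Running the file prints one block per sample advisory; the second block shows the GHSA-only case printing "Advisory: GHSA-xxxx-yyyy-zzzz" instead of a bare "Advisory:" line. Preferring the parsed identifiers over the file-name id keeps the output correct even when a file is named for one identifier but later gains another.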

Either sounds good to me. Thanks for looking into this issue!