xeol-io/xeol

Ruby 2 is EOL but not reported

yansifw opened this issue · 2 comments

What happened:
Running xeol on the Ruby 2 Docker image does not report Ruby EOL.


What you expected to happen:
Ruby 2 EOL should appear

How to reproduce it (as minimally and precisely as possible):
xeol ruby:2 --scope all-layers

Anything else we need to know?:

Environment:

  • Output of xeol version:
    Application: xeol
    Version: 0.4.9
    Syft Version: v0.83.1
    GitCommit: 1042076
    Platform: darwin/arm64
    GoVersion: go1.18.10
    Compiler: gc
  • OS (e.g: cat /etc/os-release or similar):
noqcks commented

Thanks for reporting this. It looks as though syft correctly detects this, so no problem there.

$ syft ruby:2
 ✔ Pulled image
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [466 packages]

NAME                          VERSION                         TYPE
ruby                          2.7.8p225                       binary

However, I believe the version string it gives us, 2.7.8p225, is the problem, since we have to match it to a release cycle version from https://endoflife.date/ruby

We'll need to add some parsing to normalize this version string.
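The normalization described in the comment above, as an added example that is not part of the thread and is not xeol's own code: it reduces a cataloged Ruby version such as 2.7.8p225 to its MAJOR.MINOR release cycle and checks that cycle against an EOL date. The names `ReleaseCycle`, `IsEOL` and `sampleCycles` are hypothetical, and the cycle table is constructed sample data rather than a live copy of endoflife.date.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// rubyVersion matches MAJOR.MINOR.PATCH with an optional Ruby patchlevel
// ("p225") or pre-release suffix ("-preview1", "-rc1").
var rubyVersion = regexp.MustCompile(`^(\d+)\.(\d+)\.(\d+)(?:p\d+|-[0-9A-Za-z.]+)?$`)

// ReleaseCycle reduces a cataloged Ruby version to its MAJOR.MINOR cycle.
// ok is false when the string is not a recognisable Ruby version.
func ReleaseCycle(version string) (cycle string, ok bool) {
	m := rubyVersion.FindStringSubmatch(version)
	if m == nil {
		return "", false
	}
	return m[1] + "." + m[2], true
}

// sampleCycles is constructed sample data (cycle -> EOL date), shaped like
// the per-cycle records a matcher would load from an EOL database.
var sampleCycles = map[string]string{
	"2.7": "2023-03-31",
	"3.3": "2027-03-31",
}

// IsEOL reports whether version falls in a cycle whose EOL date has passed.
// known is false when the version cannot be parsed or the cycle is not listed,
// so callers can tell "supported" apart from "could not be matched".
func IsEOL(version string, now time.Time) (eol bool, known bool) {
	cycle, ok := ReleaseCycle(version)
	date, found := sampleCycles[cycle]
	if !ok || !found {
		return false, false
	}
	end, err := time.Parse("2006-01-02", date)
	return err == nil && now.After(end), err == nil
}

func main() {
	now := time.Date(2023, 6, 1, 0, 0, 0, 0, time.UTC) // fixed for repeatable output
	for _, v := range []string{"2.7.8p225", "3.3.0", "2.7", "not-a-version"} {
		eol, known := IsEOL(v, now)
		fmt.Printf("%-14s eol=%v known=%v\n", v, eol, known)
	}
}
```

Returning `known` separately matters for a scanner: a version that fails to parse is reported as unmatched rather than silently treated as supported, which is the failure mode this issue describes.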

noqcks commented

Once this PR is closed, EOL matching for xeol should work in 0.4.10