This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
CPEs generated for hints content doesn't get matched properly #1279
Comments
zhill
added a commit
that referenced
this issue
Oct 12, 2021
Signed-off-by: Zach Hill <[email protected]>
zhill
added a commit
that referenced
this issue
Oct 14, 2021
Signed-off-by: Zach Hill <[email protected]>
zhill
added a commit
that referenced
this issue
Oct 14, 2021
Signed-off-by: Zach Hill <[email protected]>
zhill
added a commit
that referenced
this issue
Oct 15, 2021
Replaces "-" with "*" in hints-content cpes. Fixes #1279
|
Closed in #1280 for v1.0.1 release |
Merged
zburstein
pushed a commit
that referenced
this issue
Oct 29, 2021
Signed-off-by: Zach Hill <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In Engine 1.0 the content hints packages come in from user spec in the image (/anchore_hints.json), and the CPEs are generated in the policy engine instead of by Syft at analysis time. That CPE is incorrectly using '-' (N/A) rather than the wildcard '*' when no vendor is available.
This only impacts the Grype scanner mode.
The text was updated successfully, but these errors were encountered: