
fix: Exclude binary packages that have overlap by file ownership relationship #1024

Merged


@kzantow kzantow (Contributor) commented Nov 30, 2022

This PR excludes binary packages found which are identified as children in an ownership-by-file-overlap relationship -- e.g. a binary file that was installed with APK.
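The filtering rule described in the PR, as an added illustration that is not grype's or syft's own code: the Package and Relationship types and the relationship label are simplified stand-ins for the SBOM model, and the sample packages are constructed. A binary-cataloger package whose file is owned by another package (here an APK package) is dropped; binaries with no owner and non-binary children are kept.

```go
package main

import "fmt"

// Package and Relationship are simplified stand-ins for the SBOM model
// (assumption: not grype's or syft's own types). Type "binary" marks a
// package found by scanning an executable rather than a package database;
// a Relationship links an owner (From) to the package it owns (To).
type Package struct {
	ID, Name, Version, Type string
}

type Relationship struct {
	From, To, Type string
}

const OwnershipByFileOverlap = "ownership-by-file-overlap"

// ExcludeOwnedBinaries drops every binary package that is the child in an
// ownership-by-file-overlap relationship: its file was installed by another
// package (e.g. via APK) that is already matched on its own, so keeping the
// binary would duplicate the result. Binaries with no owner are kept.
func ExcludeOwnedBinaries(pkgs []Package, rels []Relationship) []Package {
	owned := make(map[string]bool)
	for _, r := range rels {
		if r.Type == OwnershipByFileOverlap {
			owned[r.To] = true
		}
	}
	kept := make([]Package, 0, len(pkgs))
	for _, p := range pkgs {
		if p.Type == "binary" && owned[p.ID] {
			continue
		}
		kept = append(kept, p)
	}
	return kept
}

func main() {
	pkgs := []Package{ // constructed sample: apk's python3 owns the bin-python file
		{"apk-python3", "python3", "3.10.7-r0", "apk"},
		{"bin-python", "python", "3.10.7", "binary"},
		{"bin-node", "node", "18.12.0", "binary"}, // no owner: kept
	}
	rels := []Relationship{{"apk-python3", "bin-python", OwnershipByFileOverlap}}
	for _, p := range ExcludeOwnedBinaries(pkgs, rels) {
		fmt.Printf("%s %s (%s)\n", p.Name, p.Version, p.Type)
	}
}
```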

@kzantow kzantow marked this pull request as ready for review November 30, 2022 20:28
@kzantow kzantow requested a review from a team November 30, 2022 20:28
@@ -0,0 +1 @@
3.10.7
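Review bot: the single added line pins an exact interpreter patch release, `3.10.7`, in a new file, which is stricter than the tooling needs; a contributor with any other working 3.10.x interpreter would be blocked by a pin this tight, as the author's own comment on this hunk points out. Consider pinning only the minor version (e.g. `3.10`), or leaving the file out of the repository and documenting the requirement instead.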
@kzantow kzantow (Contributor, Author) commented on the diff:
I'm not convinced this is a good thing to check in -- what if the user has 3.10.6 or some other functional 3.10 version, just not 3.10.7?

@kzantow kzantow changed the title from "fix: Exclude packages that have overlap by file ownership relationship" to "fix: Exclude binary packages that have overlap by file ownership relationship" Dec 10, 2022
@kzantow kzantow merged commit 2c94031 into anchore:main Dec 12, 2022
@kzantow kzantow deleted the fix/exclude-packages-with-file-overlap branch December 12, 2022 20:59
spiffcs added a commit that referenced this pull request Dec 13, 2022
* main:
  chore: add GitLab Community Edition image to quality gate (#1035)
  Update Syft to v0.63.0 (#1037)
  fix: Exclude binary packages that have overlap by file ownership relationship (#1024)
  docs: update quality gate docs (#1032)
  Optionally orient results by CVE (#1020)

Signed-off-by: Christopher Phillips <[email protected]>
spiffcs added a commit to willyw0nka/grype that referenced this pull request Jan 24, 2023
* main: (56 commits)
  fix: always include severity in cyclonedx output (anchore#1067)
  Update Syft to v0.68.0 (anchore#1064)
  Add protobuf FPs to default ignore list (anchore#1062)
  chore: update Syft to v0.66.2 (anchore#1060)
  Update grype bootstrap tools to latest versions. (anchore#1055)
  feat: allow grype db diff to specify local db directories (anchore#1058)
  chore: claim artifacthub package ownership from developer-guy (anchore#661)
  chore: add github token to quality tests (anchore#1056)
  chore: update yardstick to diagnose intermittent failures (anchore#1054)
  Update grype bootstrap tools to latest versions. (anchore#1048)
  fix: sort vulnerability results (anchore#1052)
  Adding internal/file/hasher test cases (anchore#1049)
  fix: orient by cve merging (anchore#1046)
  Update Syft to v0.64.0 (anchore#1047)
  fix: update removing results based on ownership-by-file-overlap (anchore#1045)
  feat: swap custom cyclone-dx model for cyclone-dx library (anchore#1038)
  chore: add GitLab Community Edition image to quality gate (anchore#1035)
  Update Syft to v0.63.0 (anchore#1037)
  fix: Exclude binary packages that have overlap by file ownership relationship (anchore#1024)
  docs: update quality gate docs (anchore#1032)
  ...