Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] No reported vulnerability for conda packages #145

Open
riccardoporreca opened this issue Nov 6, 2023 · 0 comments
Open

[BUG] No reported vulnerability for conda packages #145

riccardoporreca opened this issue Nov 6, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@riccardoporreca
Copy link

Describe the bug
I am reporting here the effect of an issue I believe is rather related to the OSS index itself (see sonatype-nexus-community/ossindex-python#19 for details), to make this visible to jake users and to check whether there is any mitigating actions that can be possibly done in jake itself

To Reproduce

  1. Run 
    echo "https://repo.anaconda.cloud/repo/main/linux-64/pandas-1.2.5-py39h295c915_0.conda#65bb716eebef11437dd18f0a5902a43b" \
  | jake ddt -t CONDA
  2. No vulnerabilities reported 
    🐍 Collected 1 packages from provided specs                          ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Successfully queried OSS Index for package and vulnerability info ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Sane number of results from OSS Index                             ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
🐍 Munching & crunching data...                                      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00


                    Summary                     
┏━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Audited Dependencies ┃ Vulnerabilities Found ┃
┡━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
│ 1                    │ 0                     │
└──────────────────────┴───────────────────────┘
    despite what reported at https://ossindex.sonatype.org/component/pkg:conda/pandas@1.2.5 (or using the REST API with pkg:conda/pandas@1.2.5)

Expected behavior
Vulnerabilities that exist in the OSS Index should be reported

Desktop (please complete the following information):

  • OS: Red Hat Enterprise Linux 8 (Ootpa)
  • Python Version: 3.11.5
  • Jake Version: 3.0.1

Additional context
Add any other context about the problem here.
@riccardoporreca riccardoporreca added the bug Something isn't working label Nov 6, 2023
riccardoporreca added a commit to riccardoporreca/jake that referenced this issue Nov 6, 2023
@riccardoporreca
OSS: Exclude qualifiers for Conda packages (sonatype-nexus-community#145
b42072b 
)


* As a possible approach to mitigate sonatype-nexus-community/ossindex-python#19
@riccardoporreca riccardoporreca mentioned this issue Nov 6, 2023
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@riccardoporreca