libs: Add envoy.dependency.check[cves]#186
✔️ Deploy Preview for nifty-bassi-e26446 ready! 🔨 Explore the source changes: 763cbb3 🔍 Inspect the deploy log: https://app.netlify.com/sites/nifty-bassi-e26446/deploys/61ec7a03ab6f36000832adb8 😎 Browse the preview: https://deploy-preview-186--nifty-bassi-e26446.netlify.app
envoy.dependency.check[cves]
envoy.dependency.check/envoy/dependency/check/abstract/dependency.py
Force-pushed a8b8824 to 26d9bba
envoy.dependency.check[cves]
| [ | ||
| [ | ||
| "CVE data downloaded from: NIST_URL" | ||
| "No CPE listed for: bazel_compdb" |
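Review bot: the fixture name no_fail.json does not describe an expected output that contains "No CPE listed for: bazel_compdb"; rename it (no_cpe.json is one suggestion) or add a note in the fixture saying that a dependency without a CPE is skipped rather than failed, so the next reader does not have to ask what "no fail" covers.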
Hmm, not sure, good spot, I'll look further.
So the removal is correct - it doesn't print that any more in the info log (it has a debug log instead).
And yep, it's not an addition, it's just the diff from removing the first log - so I think it is correct.
Since the name is no_fail.json and the log does not match that, I was confused.
I think I called it that because it wasn't a total failure - but the paths where this is the outcome have that log.info in the output.
It's kinda no_fail_but_no_anything_else_either.
| catches=[exceptions.CVECheckError]) | ||
| async def preload_cves(self) -> None: | ||
| async for download in self.cves.downloads: | ||
| self.log.debug(f"Preloaded cve data: {download}") |
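Review bot: the debug line `self.log.debug(f"Preloaded cve data: {download}")` interpolates the whole download object; unless its str() is a short identifier (URL or file name), the message will be noisy and hard to grep, so log the identifier explicitly. Also, with `catches=[exceptions.CVECheckError]` on preload_cves, confirm that a caught error is still reported and fails the run rather than letting the check proceed with no CVE data, because a scan against an empty CVE set passes silently.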
This is the debug log that was previously a log.info.
| self, | ||
| dep: "abstract.ADependency") -> None: | ||
| if not dep.cpe: | ||
| self.log.info(f"No CPE listed for: {dep.id}") |
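Review bot: a dependency with no CPE is reported at info level and not matched against anything, so this branch is where an unscannable dependency drops out of coverage; consider logging it at warning level, or emitting a count of unscanned dependencies at the end of the run, so a missing CPE is not mistaken for a clean result. Saying so in the message would also help, e.g. f"No CPE listed for: {dep.id}, skipping CVE check".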
This is the new log.info saying that the dep has no CVE - I'm just wondering what this did before...
LGTM. Would wait for others to review.
Force-pushed bf8d1b8 to 1c0d36d
Signed-off-by: Ryan Northey <ryan@synca.io>
Force-pushed 1c0d36d to 763cbb3
Signed-off-by: Ryan Northey ryan@synca.io
This PR:
- envoy.dependency.cve_scan -> envoy.dependency.check
- error -> warn on finding a bad CVE (this provides more flexibility)