Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update Oracle tracker to store advisory ID (ELSA ID) in database #484

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: update Oracle tracker to store advisory ID (ELSA ID) in database #484

wants to merge 1 commit into from
+108 −24

Conversation

santhosh1729
Copy link
Contributor

  • Modify Oracle tracker to include logic for saving advisory IDs (ELSA IDs) in the database.

@santhosh1729
feat: update Oracle tracker to store advisory ID (ELSA ID) in database
e8b371e 
- Modify Oracle tracker to include logic for saving advisory IDs (ELSA IDs) in the database.
DmitriyLewen
DmitriyLewen reviewed Jan 20, 2025
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @santhosh1729
Thanks for your work!

We are worried about size of trivy-db.
Can you check and write actual and new sizes for DBs?

Also i left 1 comment, take a look, please.

pkg/vulnsrc/oracle-oval/oracle-oval.go
for k, v := range latestVersions {
versionToArches[v] = append(versionToArches[v], k.Arch)
adv := versionToArches[v.FixedVersion]
adv.VendorIDs = v.VendorIDs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can be wrong for case when 2 advisories with same fixedVersion got from 2 different ELSA-IDs
e.g.

  • ELSA-xxxx-0001 - fixedVersion == 0.0.1, arch == amd64
  • ELSA-xxxx-0002 - fixedVersion == 0.0.1, arch == aarch64
    for this case entry will include only one ELSA-xxxx-0002 (or 0001)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps we need to create 2 different entries for this case

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen left review comments

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@santhosh1729 @DmitriyLewen