feat: add CWEs field to VulnerabilityBlob to support weaknesses data from NVD #2904
Conversation
hasnatbashir
force-pushed
the
add-cwe-ids
branch
from
54d9665 to
3573227
Compare
…from NVD Signed-off-by: Hasnat Bashir <[email protected]> Signed-off-by: Hasnat Bashir <[email protected]>
…y Signed-off-by: Hasnat Bashir <[email protected]> Signed-off-by: Hasnat Bashir <[email protected]>
hasnatbashir
force-pushed
the
add-cwe-ids
branch
from
ff10fcf to
ad70791
Compare
…tency Signed-off-by: Hasnat Bashir <[email protected]>
There was a problem hiding this comment.
The goal here is to add a new CWEs table instead of adding CWEs to the vulnerability blob, that way we can use CWEs across multiple providers in theory (same way KEVs are portrayed, as their own table) ... see anchore/grype-db#644 (comment)
|
@wagoodman Thanks! Could you also clarify the representation? What should the schema look like, right now we just want to store a list of CWEs against CVE IDs Would a simple schema be sufficient? or should we use a blob format, like other handles, to keep it flexible in case we want to store additional fields in the future? |
Signed-off-by: Hasnat Bashir <[email protected]>
Signed-off-by: Hasnat Bashir <[email protected]>
Signed-off-by: Hasnat Bashir <[email protected]>
Signed-off-by: Hasnat Bashir <[email protected]>
|
@wagoodman can you please take a look again? |
|
@willmurphyscode Can you please take a look at this PR? Let me know if there are any other changes that are needed? |
Related issue: anchore/grype-db#644