Skip to content

Commit

Permalink
remove vulnix scan when creating vulnerabilities section for CycloneD…
Browse files Browse the repository at this point in the history
…X SBOMs

Signed-off-by: andrew-myer <[email protected]>
  • Loading branch information
andrew-myer committed Oct 17, 2024
1 parent 2e910af commit 0f50802
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions src/sbomnix/sbomdb.py
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,6 @@ def to_cdx(self, cdx_path, printinfo=True):
df_vulns = None
if self.include_vulns:
scanner = VulnScan()
scanner.scan_vulnix(self.target_deriver, self.buildtime)
# Write incomplete sbom to a temporary path, then perform a vulnerability scan
with NamedTemporaryFile(
delete=False, prefix="vulnxscan_", suffix=".json"
Expand All @@ -226,7 +225,7 @@ def to_cdx(self, cdx_path, printinfo=True):
cdx["vulnerabilities"] = []
# Union all scans into a single dataframe
df_vulns = pd.concat(
[scanner.df_grype, scanner.df_osv, scanner.df_vulnix],
[scanner.df_grype, scanner.df_osv],
ignore_index=True,
)
if df_vulns is not None and not df_vulns.empty:
Expand All @@ -240,16 +239,16 @@ def to_cdx(self, cdx_path, printinfo=True):
as_index=False,
).agg({"scanner": pd.Series.unique})
# Do a join so we have access to bom-ref
vulnix_components = pd.merge(
vuln_components = pd.merge(
left=vuln_grouped,
right=self.df_sbomdb,
how="left",
left_on=["package", "version"],
right_on=["pname", "version"],
)
for vuln in vulnix_components.itertuples():
vulnix_vuln = _vuln_to_cdx_vuln(vuln)
cdx["vulnerabilities"].append(vulnix_vuln)
for vuln in vuln_components.itertuples():
cdx_vuln = _vuln_to_cdx_vuln(vuln)
cdx["vulnerabilities"].append(cdx_vuln)
self._write_json(cdx_path, cdx, printinfo)

def to_spdx(self, spdx_path, printinfo=True):
Expand Down

0 comments on commit 0f50802

Please sign in to comment.