For one, OSS Index dropped support for Debian artifacts, not DT to my
knowledge; either way it was unfortunate. I had updated our Yocto builds
to generate Debian purls but it was fraught due to Debian naming of
components. I've settled on producing and converting our CPEs to component
names found in NIST (e.g. libexpat1 to expat, libc6 to glibc, etc.).
Purls in general have produced inferior results for us. Clearly that can
be more due to the operation generating the purl than DT itself, but when
the vuln sources DT is using don't support your ecosystem, CPEs are the
better alternative.
On Thu, Mar 23, 2023 at 11:55 AM Souhila99 ***@***.***> wrote:
Why did Dependency-Track use to mirror the Debian vulnerability database, and why did it stop supporting it?
I tested by uploading an SBOM that contains affected Debian packages, and the affected components are detected. How does Dependency-Track detect Debian vulnerabilities?
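The conversion described in the reply (Debian binary package name to the component name found in NIST, emitted as a CPE), as an added example that is not part of the original thread or of Dependency-Track. The two name mappings are the ones given in the reply; the wildcard vendor field, the function names and the sample package versions are assumptions made for illustration.

```python
import re

# Debian binary package -> component name found in NIST.
# Only the two pairs named in the reply; extend it for your own image.
DEBIAN_TO_NIST = {"libexpat1": "expat", "libc6": "glibc"}


def upstream_version(deb_version):
    """Reduce a Debian version ([epoch:]upstream[-revision]) to the upstream part."""
    rest = re.sub(r"^\d+:", "", deb_version)            # drop the epoch
    # The revision follows the LAST hyphen; upstream itself may contain hyphens.
    upstream = rest.rsplit("-", 1)[0] if "-" in rest else rest
    # Drop Debian repack markers such as ".dfsg" or "+ds1".
    return re.sub(r"(?:[+~.]dfsg|\+ds)[0-9.+~]*$", "", upstream)


def cpe_escape(value):
    """Escape a value for a CPE 2.3 formatted string ('.', '-', '_' pass through)."""
    return re.sub(r"([^A-Za-z0-9._-])", r"\\\1", value.lower())


def debian_to_cpe(package, deb_version, vendor="*"):
    """Return a CPE 2.3 string, or None when the package has no reviewed mapping."""
    name = package.split(":", 1)[0]                     # drop ":amd64" style qualifier
    product = DEBIAN_TO_NIST.get(name)
    if product is None:
        return None                                     # do not guess a product name
    version = cpe_escape(upstream_version(deb_version))
    # vendor "*" is an assumption: the thread gives product names only.
    return f"cpe:2.3:a:{vendor}:{cpe_escape(product)}:{version}:*:*:*:*:*:*:*"


def convert(inventory):
    """Split an inventory into generated CPEs and packages needing manual mapping."""
    cpes, unmapped = [], []
    for package, version in inventory:
        cpe = debian_to_cpe(package, version)
        if cpe:
            cpes.append(cpe)
        else:
            unmapped.append(package)
    return cpes, unmapped


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the thread.
    sample = [("libexpat1", "2.5.0-1"), ("libc6:amd64", "2.36-9+deb12u4"),
              ("zlib1g", "1:1.2.13.dfsg-1")]
    print(convert(sample))
```

Packages without a reviewed mapping come back in the `unmapped` list so they can be mapped by hand instead of silently producing a CPE that matches nothing.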