

Re-enable vulnix scan for CDX vulns
Signed-off-by: Henri Rosten <[email protected]>
henrirosten committed Nov 7, 2024
1 parent 5d10760 commit eec92a9
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/sbomnix/sbomdb.py
Expand Up @@ -215,6 +215,7 @@ def to_cdx(self, cdx_path, printinfo=True):
df_vulns = None
if self.include_vulns:
scanner = VulnScan()
scanner.scan_vulnix(self.target_deriver, self.buildtime)
# Write incomplete sbom to a temporary path, then perform a vulnerability scan
with NamedTemporaryFile(
delete=False, prefix="vulnxscan_", suffix=".json"
Expand All @@ -225,7 +226,7 @@ def to_cdx(self, cdx_path, printinfo=True):
cdx["vulnerabilities"] = []
# Union all scans into a single dataframe
df_vulns = pd.concat(
[scanner.df_grype, scanner.df_osv],
[scanner.df_grype, scanner.df_osv, scanner.df_vulnix],
ignore_index=True,
)
if df_vulns is not None and not df_vulns.empty:
Expand All @@ -242,7 +243,7 @@ def to_cdx(self, cdx_path, printinfo=True):
vuln_components = pd.merge(
left=vuln_grouped,
right=self.df_sbomdb,
how="left",
how="inner",
left_on=["package", "version"],
right_on=["pname", "version"],
)
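Review bot: Switching the merge in the last hunk to `how="inner"` drops every vulnerability row whose (package, version) has no exact (pname, version) match in `self.df_sbomdb`, and nothing in the hunk records that this happened, so a scanner finding can vanish from the CDX output without a trace. With the previous `how="left"` such rows survived with empty component fields; if the inner join is intended, I would compute the unmatched pairs before the merge (a left merge with `indicator=True` on the same key columns, keeping the `left_only` rows) and emit a warning listing them, so that version-string mismatches between the vulnix results concatenated in the second hunk and the sbomdb rows are visible rather than silent. A comment above the merge stating the intent would also help, e.g. `# Inner join: findings that cannot be mapped to a component in df_sbomdb are deliberately left out of the CDX output`. Whether `scanner.df_vulnix` can be None when the scan yields nothing is not visible here; if it can, `pd.concat` skips it silently, which is presumably the intended behaviour but worth confirming. to_cdx starts before the first hunk and continues past the last one.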

