Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add VDT IT support: updated vulnerable package not reported as solved #4389

Merged
merged 6 commits into from
Aug 11, 2023
Merged

Add VDT IT support: updated vulnerable package not reported as solved #4389

merged 6 commits into from
Aug 11, 2023

Conversation

Deblintrake09
Copy link
Contributor

@Deblintrake09 Deblintrake09 commented Aug 3, 2023
edited
Loading

Related issue
#4045

Description

This Issue aims to add IT support to verify when a package is vulnerable to a CVE and updated to a version that is still vulnerable, there is no alert showing the vulnerability as solved

Added

  • Test module test_scan_updated_package_still_vulnerable.py

Testing performed

Tester Test path Jenkins Local OS Commit Notes
@Deblintrake09 (Developer) test_vulnerability_detector 🟢🟢🟢 ⚫⚫⚫ Centos manager 93d5702 Nothing to highlight
@user (Reviewer) ⚫⚫⚫ 🚫 🚫 🚫 Nothing to highlight

@Deblintrake09 Deblintrake09 self-assigned this Aug 3, 2023
@Deblintrake09 Deblintrake09 linked an issue Aug 3, 2023 that may be closed by this pull request
Add VDT does not report updated vulnerable packages as Solved IT support #4045
Closed
@Deblintrake09 Deblintrake09 mentioned this pull request Aug 3, 2023
Closed
mauromalara
mauromalara suggested changes Aug 3, 2023
View reviewed changes
Copy link
Contributor

@mauromalara mauromalara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great Job! 👏🏻

🗒️ Only a few changes are required.
⚠️ Please, run the tests in Jenkins with the updated branch after applying said changes.

..._detector/test_scan_results/data/test_cases/cases_scan_updated_package_still_vulnerable.yaml Outdated Show resolved Hide resolved
..._detector/test_scan_results/data/test_cases/cases_scan_updated_package_still_vulnerable.yaml Outdated Show resolved Hide resolved
mauromalara
mauromalara approved these changes Aug 4, 2023
View reviewed changes
Copy link
Contributor

@mauromalara mauromalara left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

@BelenValdivia
Copy link
Contributor

LGTM!

@Rebits Rebits merged commit cfd85dc into 4.7.0 Aug 11, 2023
4 checks passed
@Rebits Rebits deleted the 4045-vdt-package-still-vuln branch August 11, 2023 10:40
@Deblintrake09 Deblintrake09 mentioned this pull request Sep 8, 2023
Merged
@Deblintrake09
Copy link
Contributor Author

This development has already been merged into Master, new target. So no new PR needed.

Merged in ea84bee

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BelenValdivia BelenValdivia BelenValdivia approved these changes

@mauromalara mauromalara mauromalara approved these changes

Assignees

@Deblintrake09 Deblintrake09

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add VDT does not report updated vulnerable packages as Solved IT support
4 participants
@Deblintrake09 @BelenValdivia @mauromalara @Rebits