Adding detection events for sonar-scanner-cli (#10981)

* Adding Advisory GHSA-6v67-2wr5-gvf4 for sonar-scanner-cli * Adding Advisory GHSA-pr98-23f8-jwxv for sonar-scanner-cli --------- Co-authored-by: octo-sts[bot] <[email protected]>
wolfi-dev · Dec 21, 2024 · 0dbc8a8 · 0dbc8a8
1 parent 8fca576
commit 0dbc8a8
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/sonar-scanner-cli.advisories.yaml b/sonar-scanner-cli.advisories.yaml
@@ -0,0 +1,41 @@
+schema-version: 2.0.2
+
+package:
+  name: sonar-scanner-cli
+
+advisories:
+  - id: CGA-4349-p8vf-24vc
+    aliases:
+      - CVE-2024-12801
+      - GHSA-6v67-2wr5-gvf4
+    events:
+      - timestamp: 2024-12-21T09:33:29Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: sonar-scanner-cli
+            componentID: 7f3804ca6b1ec1e1
+            componentName: logback-core
+            componentVersion: 1.5.8
+            componentType: java-archive
+            componentLocation: /usr/bin/sonarqube/sonarscanner-cli.jar
+            scanner: grype
+
+  - id: CGA-pj9w-3rqw-cv58
+    aliases:
+      - CVE-2024-12798
+      - GHSA-pr98-23f8-jwxv
+    events:
+      - timestamp: 2024-12-21T09:33:30Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: sonar-scanner-cli
+            componentID: 7f3804ca6b1ec1e1
+            componentName: logback-core
+            componentVersion: 1.5.8
+            componentType: java-archive
+            componentLocation: /usr/bin/sonarqube/sonarscanner-cli.jar
+            scanner: grype