From 0dbc8a85ee334424137b04a265f487448e9156f8 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 09:43:48 +0000
Subject: [PATCH] Adding detection events for sonar-scanner-cli (#10981)
* Adding Advisory GHSA-6v67-2wr5-gvf4 for sonar-scanner-cli
* Adding Advisory GHSA-pr98-23f8-jwxv for sonar-scanner-cli
---------
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
sonar-scanner-cli.advisories.yaml | 41 +++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 sonar-scanner-cli.advisories.yaml
diff --git a/sonar-scanner-cli.advisories.yaml b/sonar-scanner-cli.advisories.yaml
new file mode 100644
index 000000000..ad51367bf
--- /dev/null
+++ b/sonar-scanner-cli.advisories.yaml
@@ -0,0 +1,41 @@
+schema-version: 2.0.2
+
+package:
+ name: sonar-scanner-cli
+
+advisories:
+ - id: CGA-4349-p8vf-24vc
+ aliases:
+ - CVE-2024-12801
+ - GHSA-6v67-2wr5-gvf4
+ events:
+ - timestamp: 2024-12-21T09:33:29Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: sonar-scanner-cli
+ componentID: 7f3804ca6b1ec1e1
+ componentName: logback-core
+ componentVersion: 1.5.8
+ componentType: java-archive
+ componentLocation: /usr/bin/sonarqube/sonarscanner-cli.jar
+ scanner: grype
+
+ - id: CGA-pj9w-3rqw-cv58
+ aliases:
+ - CVE-2024-12798
+ - GHSA-pr98-23f8-jwxv
+ events:
+ - timestamp: 2024-12-21T09:33:30Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: sonar-scanner-cli
+ componentID: 7f3804ca6b1ec1e1
+ componentName: logback-core
+ componentVersion: 1.5.8
+ componentType: java-archive
+ componentLocation: /usr/bin/sonarqube/sonarscanner-cli.jar
+ scanner: grype
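Review bot: Both advisory entries (CGA-4349-p8vf-24vc and CGA-pj9w-3rqw-cv58) end at a single `type: detection` event, so anyone consuming this file sees two open findings with no triage outcome. The grype match is on `logback-core` 1.5.8 at `componentLocation: /usr/bin/sonarqube/sonarscanner-cli.jar`, which suggests the library is bundled inside the scanner jar rather than shipped as its own package. If so, a dependency bump alone would not clear the finding, and it would need either an upstream release with a newer logback or a rebuild of the jar. Each entry needs a follow-up event once that is decided: `pending-upstream-fix`, `fixed`, or a `false-positive-determination` if the scanner never loads attacker-influenced logback configuration.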