-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OS Matching #33
OS Matching #33
Conversation
Signed-off-by: Benji Visser <[email protected]>
Signed-off-by: Benji Visser <[email protected]>
Signed-off-by: Benji Visser <[email protected]>
Signed-off-by: Benji Visser <[email protected]>
Signed-off-by: Benji Visser <[email protected]>
@witchcraze wondering if you had any thoughts here. You mentioned that you use an internal mapping to map EOL OS'. Wondering if this solution would be missing anything critical? |
Signed-off-by: Benji Visser <[email protected]>
Sorry, my approach was usging I did not check |
I checked
|
Yeah, that's what I've found as well. centos/redhat/amazon_linux/oracle are the main distros using CPE_NAME. I will need to create an OS mapping to get good coverage. Would not be good to miss Debian/Ubuntu/Suse |
@witchcraze added some speculative OS matching in #40 so it now works for any distro, even if they don't set CPE_NAME ubuntu
alpine
|
This PR add OS end of life matching. We now have CPE's in endoflife.date we can use, because of this PR. We grab the
Distro.CPEName
from syft, which picks up theCPE_NAME
property in/etc/os-release
.https://endoflife.date/fedora
There are a couple things to note about this PR:
SUPPORT_END
, this is tracked in Handle OSSUPPORT_END
instead of EOL dates from endoflife.date #35