From a496e789b4ca0f7eaeee619dd16298d5cc7127fd Mon Sep 17 00:00:00 2001
From: andrew-myer <10202735+andrew-myer@users.noreply.github.com>
Date: Thu, 17 Oct 2024 14:36:43 -0700
Subject: [PATCH] remove vulnix scan from vuln section for CDX
Signed-off-by: andrew-myer <10202735+andrew-myer@users.noreply.github.com>
---
 src/sbomnix/sbomdb.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/sbomnix/sbomdb.py b/src/sbomnix/sbomdb.py
index 22efcf6..54ff54a 100644
--- a/src/sbomnix/sbomdb.py
+++ b/src/sbomnix/sbomdb.py
@@ -215,7 +215,6 @@ def to_cdx(self, cdx_path, printinfo=True):
 df_vulns = None
 if self.include_vulns:
 scanner = VulnScan()
- scanner.scan_vulnix(self.target_deriver, self.buildtime)
 # Write incomplete sbom to a temporary path, then perform a vulnerability scan
 with NamedTemporaryFile(
 delete=False, prefix="vulnxscan_", suffix=".json"
@@ -226,7 +225,7 @@ def to_cdx(self, cdx_path, printinfo=True):
 cdx["vulnerabilities"] = []
 # Union all scans into a single dataframe
 df_vulns = pd.concat(
- [scanner.df_grype, scanner.df_osv, scanner.df_vulnix],
+ [scanner.df_grype, scanner.df_osv],
 ignore_index=True,
 )
 if df_vulns is not None and not df_vulns.empty:
@@ -240,16 +239,16 @@ def to_cdx(self, cdx_path, printinfo=True):
 as_index=False,
 ).agg({"scanner": pd.Series.unique})
 # Do a join so we have access to bom-ref
- vulnix_components = pd.merge(
+ vuln_components = pd.merge(
 left=vuln_grouped,
 right=self.df_sbomdb,
 how="left",
 left_on=["package", "version"],
 right_on=["pname", "version"],
 )
- for vuln in vulnix_components.itertuples():
- vulnix_vuln = _vuln_to_cdx_vuln(vuln)
- cdx["vulnerabilities"].append(vulnix_vuln)
+ for vuln in vuln_components.itertuples():
+ cdx_vuln = _vuln_to_cdx_vuln(vuln)
+ cdx["vulnerabilities"].append(cdx_vuln)
 self._write_json(cdx_path, cdx, printinfo)
 
 def to_spdx(self, spdx_path, printinfo=True):
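Review bot: Dropping the `scanner.scan_vulnix(...)` call leaves `scanner = VulnScan()` with nothing in the block saying that the CDX vulnerabilities section is now fed by a narrower set of scanners than before, so a later reader cannot tell the omission from an accidental regression. Suggest a comment above `scanner = VulnScan()` such as `# CDX output takes only the grype and osv scan results; vulnix is intentionally not run here (see the concat below).` The temporary file is created with `delete=False` on the context line below; whether that path is removed after the scan is outside this hunk and worth confirming, since a leftover SBOM copy in the temp directory is easy to miss. `to_cdx` begins before and continues after this hunk.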
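Review bot: The new `pd.concat([scanner.df_grype, scanner.df_osv], ignore_index=True)` raises ValueError if both attributes are None, because pandas only drops None entries while at least one real frame remains, and the `df_vulns is not None` guard on the last context line suggests an absent result is an expected state. Consider filtering first: `frames = [df for df in (scanner.df_grype, scanner.df_osv) if df is not None]` followed by `df_vulns = pd.concat(frames, ignore_index=True) if frames else None`. Whether the grype and osv scan paths can leave these attributes None is not visible in this hunk; confirm against VulnScan before relying on the existing guard.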