Start ingesting Conan Vulnerabilities
Problem to solve
We want to offer Dependency Scanning for Conan, but first we need to have vulnerabilities related to Conan packages in the database so that the scan can find items.
Intended users
Proposal
This issue is focused on adding Conan support to gemnasium-db.
What does success look like, and how can we measure that?
First Conan-related advisories are present in gemnasium-db.
What is the type of buyer?
Links / references
Implementation Plan
- Create MRs related to Conan packages
- Update the YAML schema validation CI job that is running on gemnasium-db to validate incoming Conan advisories
- Update gemnasium-db documentation with respect to the newly added package type
@NicoleSchwartz
Product Management -- no Release Post - until scanning and more vulns - reach out direct via account managers.
Current state
Alpha - limited vulnerabilities are ingested, and we are working toward ingesting new ones as they arrive, but we need users to move forward with Conan dependency scanning and start providing feedback to help us move from alpha.
Edited by Julian Thome