Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add snyk attribution and utm to CA response #754

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: add snyk attribution and utm to CA response #754

wants to merge 1 commit into from

Conversation

arajkumar
Copy link
Member

@arajkumar arajkumar commented May 21, 2021
edited
Loading

This PR adds snyk attribution and utm param for requests coming from Clair component. This is just a stop gap solution to unblock Quay 3.5.2 release.

Sample response

[
    {
        "package_unknown": false,
        "package": "github.com/slackhq/[email protected]/slackhq/nebula/cert",
        "version": "v1.1.0",
        "recommended_versions": "v1.3.0",
        "registration_link": "https://app.snyk.io/login",
        "vulnerability": [
            {
                "id": "SNYK-GOLANG-GITHUBCOMSLACKHQNEBULA-564380",
                "cvss": "7.5",
                "is_private": false,
                "cwes": [
                    "CWE-23"
                ],
                "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R",
                "severity": "high",
                "title": "Path Traversal (data source: https://snyk.io/vuln) Sign up at https://snyk.co/crda",
                "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSLACKHQNEBULA-564380?utm_medium=Partner&utm_source=RedHat&utm_campaign=Code-Ready-Analytics-2020&utm_content=vuln/golang:github.com%2Fslackhq%2Fnebula%40github.com%2Fslackhq%2Fnebula%2Fcert",
                "cve_ids": [
                    "CVE-2020-11498"
                ],
                "fixed_in": [
                    "1.2.0"
                ]
            }
        ],
        "message": "github.com/slackhq/[email protected]/slackhq/nebula/cert - v1.1.0 has 1 known security vulnerability having high severity. Recommendation: use version v1.3.0.",
        "highest_severity": "high",
        "known_security_vulnerability_count": 1,
        "security_advisory_count": 0
    }
]

Signed-off-by: Arunprasad Rajkumar [email protected]

@arajkumar arajkumar requested a review from prashbnair May 21, 2021 07:23
@arajkumar arajkumar self-assigned this May 21, 2021
@codecov-commenter
Copy link

Codecov Report

Merging #754 (e6e36d7) into master (3f6df57) will increase coverage by 0.22%.
The diff coverage is 92.50%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #754      +/-   ##
==========================================
+ Coverage   83.18%   83.41%   +0.22%     
==========================================
  Files          21       22       +1     
  Lines        1588     1628      +40     
==========================================
+ Hits         1321     1358      +37     
- Misses        267      270       +3
Impacted Files Coverage Δ
bayesian/api/api_v2.py 87.20% <60.00%> (-0.67%) ⬇️
bayesian/settings.py 86.36% <80.00%> (-1.88%) ⬇️
bayesian/utility/snyk.py 100.00% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3f6df57...e6e36d7. Read the comment docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prashbnair prashbnair Awaiting requested review from prashbnair

At least 1 approving review is required to merge this pull request.

Assignees

@arajkumar arajkumar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arajkumar @codecov-commenter