Fix grype not scanning C deps that dont have CPEs

2026-06-06 01:05:48 +02:00 · 2025-09-18 09:22:28 +05:30
parent c30f8cec46
commit 54368be554
2 changed files with 3 additions and 3 deletions
--- a/.github/workflows/ci.py
+++ b/.github/workflows/ci.py
@@ -222,7 +222,7 @@ def check_dependencies() -> None:
    dest = os.path.join(SW, 'macos')
    os.makedirs(dest, exist_ok=True)
    install_bundle(dest, os.path.basename(dest))
-    cmdline = [grype, '--by-cve', '--config', gc, '--fail-on', 'medium', '--only-fixed']
+    cmdline = [grype, '--by-cve', '--config', gc, '--fail-on', 'medium', '--only-fixed', '--add-cpes-if-none']
    if (cp := subprocess.run(cmdline + ['dir:' + SW])).returncode != 0:
        raise SystemExit(cp.returncode)
    # Now test against the SBOM
--- a/bypy/sources.json
+++ b/bypy/sources.json
@@ -65,11 +65,11 @@
    },

    {
-        "name": "libxml2 2.12.7",
+        "name": "libxml2 2.12.10",
        "spdx": "MIT",
        "unix": {
            "file_extension": "tar.xz",
-            "hash": "sha256:24ae78ff1363a973e6d8beba941a7945da2ac056e19b53956aeb6927fd6cfb56",
+            "hash": "sha256:c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995",
            "urls": ["https://download.gnome.org/sources/libxml2/{version_except_last}/{filename}"]
        }
    },