Skip to content

feat(pkg/sbom/cpe.go): Add exception for gitlab-operator to avoid matching as gitlab-* package and gitlab product #1755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 5, 2025
Merged

feat(pkg/sbom/cpe.go): Add exception for gitlab-operator to avoid matching as gitlab-* package and gitlab product #1755

merged 1 commit into from
Sep 5, 2025

Conversation

philroche
Copy link
Member

Not all gitlab-* packages should be treated as GitLab, but most of them are - as seen in

if strings.HasPrefix(name, "gitlab-") {
		attr.Vendor = "gitlab"
		attr.Product = "gitlab"
		attr.SWEdition = "community"

		return &attr
	}

Added in 1c050aa

One notable exception is gitlab-operator, which is a Kubernetes operator
for managing GitLab installations, and not part of GitLab itself with
source @ https://gitlab.com/gitlab-org/cloud-native/gitlab-operator

Adding an explicit exception for this package to not match on gitlab-*

The reason for this change is because new gitlab-operator package was being matched with all older gitlab CVEs which is incorrect.

Signed-off-by: philroche [email protected]

@philroche
feat(pkg/sbom/cpe.go): Add exception for gitlab-operator to avoid mat…
b170501 
…ching as gitlab-* package and gitlab product

Not all gitlab-* packages should be treated as GitLab, but most of them are - as seen in

```
if strings.HasPrefix(name, "gitlab-") {
		attr.Vendor = "gitlab"
		attr.Product = "gitlab"
		attr.SWEdition = "community"

		return &attr
	}
```

Added in wolfi-dev@1c050aa

One notable exception is gitlab-operator, which is a Kubernetes operator
for managing GitLab installations, and not part of GitLab itself with
source @ https://gitlab.com/gitlab-org/cloud-native/gitlab-operator

Adding an explicit exception for this package to not match on `gitlab-*`

The reason for this change is because new gitlab-operator package was being matched with all older gitlab CVEs which is incorrect.

Signed-off-by: philroche <[email protected]>
@philroche philroche marked this pull request as ready for review September 5, 2025 16:05
@philroche philroche requested a review from luhring September 5, 2025 16:05
@philroche philroche mentioned this pull request Sep 5, 2025
Closed
luhring
luhring approved these changes Sep 5, 2025
View reviewed changes
Copy link
Member

@luhring luhring left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@luhring luhring enabled auto-merge September 5, 2025 16:08
@luhring luhring merged commit 54851ef into wolfi-dev:main Sep 5, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@luhring luhring luhring approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@philroche @luhring