Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix : Added Pipeline to detect Reserved/Non-Existent CVEs #1817

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix : Added Pipeline to detect Reserved/Non-Existent CVEs #1817

wants to merge 1 commit into from
+190 −0

Conversation

Dedsec0098
Copy link

Fix #1778

Changes Made :

  1. Added a pipeline that will properly handles CVE and check its status against the MITRE API

  2. Updated Github actions to fix incorrectly marked CVEs by running it periodically

@Dedsec0098
Added Pipeline to detect Reserved/Non-Existent CVEs Signed-off-by: S…

Verified

This commit was signed with the committer’s verified signature.
targos Michaël Zasso
GPG key ID: 770F7A9A5AE15600
Verified
Learn about vigilant mode
Loading
Loading status checks…
33c9bc4 
…hrish Mishra [email protected]

Signed-off-by: Shrish0098 <[email protected]>
@Dedsec0098
Copy link
Author

@keshav-space I have added a pipeline that detects the reserver/non-existent CVEs and also I have added a github / workflows to run the check periodically ( Sunday 2:00 Am UTC ). Please let me know if my approach towards solving this problem is correct or not.

keshav-space
keshav-space requested changes Mar 20, 2025
View reviewed changes
Copy link
Member

@keshav-space keshav-space left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Dedsec0098 Is there any need to run this CI https://github.com/aboutcode-org/vulnerablecode/blob/33c9bc406ce06f5e5bbc6edcc14e2f39086115e3/.github/workflows/check-mitre-api.yml? Have you ever bothered running VulnerableCode locally on your machine?

@keshav-space keshav-space added the vibe-code Completely AI-generated code label Mar 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@keshav-space keshav-space

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
vibe-code Completely AI-generated code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pipeline to detect Reserved/Non-Existent CVEs
2 participants
@Dedsec0098 @keshav-space