From a1471e5a679d469f4c3c68b05a59dabe50d7358c Mon Sep 17 00:00:00 2001
From: Ray Molenkamp
Date: Tue, 18 Oct 2022 10:15:08 -0600
Subject: deps_builder: add triage for cve-bin-tool reports Add any CVE's we looked at into cve_check.csv.in with their triage status, i did CVE-2009-2940 as an example. The possible triage states are: NewFound Unexplored Confirmed Mitigated Ignored
---
 build_files/build_environment/cmake/cve_check.cmake | 2 +-
 build_files/build_environment/cmake/cve_check.csv.in | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/build_files/build_environment/cmake/cve_check.cmake b/build_files/build_environment/cmake/cve_check.cmake
index dfb190bcffa..bd8f73a1e64 100644
--- a/build_files/build_environment/cmake/cve_check.cmake
+++ b/build_files/build_environment/cmake/cve_check.cmake
@@ -30,7 +30,7 @@ foreach (_variableName ${_variableNames})
 list(GET CPE_LIST 3 CPE_VENDOR)
 list(GET CPE_LIST 4 CPE_NAME)
 list(GET CPE_LIST 5 CPE_VERSION)
- set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION}\n")
+ set(SBOMCONTENTS "${SBOMCONTENTS}${CPE_VENDOR},${CPE_NAME},${CPE_VERSION},,,\n")
 endif()
 endforeach()
 configure_file(${CMAKE_SOURCE_DIR}/cmake/cve_check.csv.in ${CMAKE_CURRENT_BINARY_DIR}/cve_check.csv @ONLY)
diff --git a/build_files/build_environment/cmake/cve_check.csv.in b/build_files/build_environment/cmake/cve_check.csv.in
index 6e7e8db5609..bd7d8373c74 100644
--- a/build_files/build_environment/cmake/cve_check.csv.in
+++ b/build_files/build_environment/cmake/cve_check.csv.in
@@ -1,2 +1,3 @@
-vendor,product,version
+vendor,product,version,cve_number,remarks,comment
+python,python,3.10.8,CVE-2009-2940,Ignored,Does not apply to Blender we do not ship pygresql
 @SBOMCONTENTS@
--
cgit v1.2.3
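Review bot: The `,,,` suffix on the new `set(SBOMCONTENTS ...)` line hard-codes the three triage columns that the header in `cve_check.csv.in` declares, and nothing ties the two together. A comment above the line, such as `# three empty fields: cve_number, remarks, comment -- keep in sync with the header in cve_check.csv.in`, would make the coupling visible the next time a column is added. The CPE fields are also written unquoted, so a value containing a comma would spill into the triage columns. That is presumably not expected of CPE strings, but now that triage status shares the row it may be worth a check. The enclosing `foreach` starts above the hunk.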
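Review bot: The triage row is pinned to `python,python,3.10.8`, while the rows expanded from `@SBOMCONTENTS@` follow whatever version the dependency builder currently declares. After a Python bump this row presumably no longer matches the shipped version, so the triage decision for CVE-2009-2940 would either stop applying or keep a version in the scan input that is no longer built. If Python also has a CPE entry, the file ends up with two rows for the same vendor, product and version, and how the scanner merges them is not visible here and is worth confirming. An `Ignored` entry is a standing decision not to act on a finding, so the commit message or accompanying docs should say that triage rows are re-reviewed on every version bump. They should also say that the `comment` field cannot contain commas, since the fields are unquoted.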