Improve Vulnerability data in XLSX output #1519

Open
mjherzog opened this issue Jan 7, 2025 · 1 comment
Labels: design-needed, medium priority, outputs (This issue is related to one of the SCIO output files)

mjherzog (Member) commented Jan 7, 2025

I ran the find_vulnerabilities add-on pipeline and then downloaded the XLSX output. The XLSX output had entries for the vulnerable packages in the affected_by_vulnerabilities field, but there are 2 significant problems:

  • In some cases there is a message: "The value of: affected_by_vulnerabilities has been truncated from: nnnnn to 32767 length to fit in an XLSX cell maximum length". In these cases there is no data. The truncated data would be more useful with some indicator that it is truncated.
  • The vulnerability information is one very long string - I could not figure out how to parse it in Excel with Text to Columns or similar.

The solution to both problems may be to create a new VULNERABILITIES sheet in the XLSX output. Vulnerabilities are a first-class data element so it seems reasonable to do this. The current affected_by_vulnerabilities field in the PACKAGES and DEPENDENCIES sheets could be repurposed as a yes/no flag so that the new VULNERABILITIES sheet could report PURLs from both the PACKAGES and DEPENDENCIES sheets.
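A sketch of the layout proposed above, added here as an illustration; it is not part of the original comment and is not the project's implementation. The record fields (`vulnerability_id`, `aliases`, `summary`), the `[TRUNCATED]` marker, the function names and all sample values are assumptions made for the example.

```python
XLSX_CELL_MAX = 32767          # per-cell character limit quoted in the issue
MARK = " [TRUNCATED]"          # hypothetical marker, not a ScanCode.io convention

def fit_cell(text):
    """Return (text, truncated) so that text always fits in one XLSX cell."""
    if len(text) <= XLSX_CELL_MAX:
        return text, False
    # Keep the start of the data and make the cut visible to the reader.
    return text[: XLSX_CELL_MAX - len(MARK)] + MARK, True

def split_for_sheets(records, sheet):
    """Return (flag rows for the original sheet, rows for VULNERABILITIES)."""
    flags, vuln_rows = [], []
    for rec in records:
        vulns = rec.get("affected_by_vulnerabilities") or []
        flags.append({"purl": rec["purl"],
                      "affected_by_vulnerabilities": "yes" if vulns else "no"})
        for vuln in vulns:
            summary, truncated = fit_cell(vuln.get("summary", ""))
            vuln_rows.append({
                "sheet": sheet,
                "purl": rec["purl"],
                "vulnerability_id": vuln.get("vulnerability_id", ""),
                "aliases": ", ".join(vuln.get("aliases", [])),
                "summary": summary,
                "truncated": truncated,
            })
    return flags, vuln_rows

# Constructed sample data; identifiers are placeholders, not real advisories.
PACKAGES = [
    {"purl": "pkg:pypi/example-lib@1.0.0", "affected_by_vulnerabilities": [
        {"vulnerability_id": "VCID-EXAMPLE-0001", "aliases": ["CVE-0000-0001"],
         "summary": "short summary"},
        {"vulnerability_id": "VCID-EXAMPLE-0002", "aliases": [],
         "summary": "x" * 40000}]},  # longer than one cell allows
    {"purl": "pkg:pypi/clean-lib@2.0.0", "affected_by_vulnerabilities": []},
]
DEPENDENCIES = [
    {"purl": "pkg:npm/example-dep@3.1.0", "affected_by_vulnerabilities": [
        {"vulnerability_id": "VCID-EXAMPLE-0003", "aliases": ["CVE-0000-0002"],
         "summary": "another summary"}]},
]

def build_vulnerabilities_sheet():
    """One row per (PURL, vulnerability) across both source sheets."""
    rows = []
    for sheet, records in (("PACKAGES", PACKAGES), ("DEPENDENCIES", DEPENDENCIES)):
        rows.extend(split_for_sheets(records, sheet)[1])
    return rows
```

Each returned row maps to one spreadsheet row, so the result can be filtered by PURL or vulnerability ID without parsing a long string in a single cell.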

mjherzog added the design-needed, medium priority and outputs labels Jan 7, 2025
tdruez added a commit that referenced this issue Jan 13, 2025
tdruez (Contributor) commented Jan 13, 2025

VULNERABILITIES sheet implemented in #1531
