@Uzichow Uzichow commented Sep 29, 2025

Changes proposed in this pull request:

  • Add exception to the parser for cyclonedx and openvex to avoid errors when encountering exception in the json files of cyclonedx. (Field Justification "null" etc.)
  • ...

Status

  • READY
  • HOLD
  • WIP (Work-In-Progress)

How to verify this change

Be sure that the docker-compose file has the volume set for the cyclonedx export files.
Launch Vulnscout and on the "Vulnerabilities" or "Package" tab, you can filter the source by "CycloneDX" or "openvex(CycloneDX)".

Pull Request Checklist

Please review and check all that apply before submitting your PR:

  • The code compiles and passes all tests
  • All new and existing tests are passing
  • Documentation has been updated (if applicable)
  • Code follows project style guidelines
  • No sensitive information is included
  • Linked relevant issues (if any)
  • Added necessary reviewers

@ValentinBoudevin

Should be squashed into a single commit. No need for 4 commits in the history.

The parser wasn't working on cyclonedx for multiple reasons.
It stops when the "justification" field was null.
And when the reference was not correct in the file was not in the
dictionary
With cyclonedx files, openvex might crash because the cdx files do not
have all the times vulnerabilities assessments so add a condition to skip
it if it's the case
@Uzichow Uzichow force-pushed the Fixed-cycledonedx-parser branch from db30462 to 641cece Compare September 30, 2025 19:12
@ValentinBoudevin

Cyclonedx parser still needs some fixes as it didn't work with Torizon

@ValentinBoudevin

TO BE MERGED AFTER v0.8.1


@ValentinBoudevin ValentinBoudevin left a comment

lgtm

@ValentinBoudevin ValentinBoudevin merged commit 1150d64 into savoirfairelinux:main Nov 6, 2025
4 checks passed
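
The three failure modes named in the commit message above (a null "justification", a reference that is not in the component dictionary, and a vulnerability with no assessment) can be handled without aborting the import, as in this added example. It is not code from this pull request or from Vulnscout; `parse_vulnerabilities`, the record layout and the sample BOM are hypothetical, and it keeps unassessed entries flagged rather than skipping them so that a finding is never dropped silently.

```python
import json

# Constructed sample BOM covering the three cases from the commit message.
SAMPLE_BOM = json.loads("""
{
  "components": [{"bom-ref": "pkg-a", "name": "liba", "version": "1.0"}],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001",
     "analysis": {"state": "not_affected", "justification": null},
     "affects": [{"ref": "pkg-a"}]},
    {"id": "EXAMPLE-0002",
     "analysis": {"state": "exploitable"},
     "affects": [{"ref": "pkg-missing"}]},
    {"id": "EXAMPLE-0003", "affects": [{"ref": "pkg-a"}]}
  ]
}
""")


def parse_vulnerabilities(bom):
    """Return (records, warnings) without aborting on incomplete entries."""
    # Index components by bom-ref so "affects[].ref" can be resolved.
    components = {c["bom-ref"]: c for c in bom.get("components") or [] if c.get("bom-ref")}
    records, warnings = [], []
    for vuln in bom.get("vulnerabilities") or []:
        vid = vuln.get("id") or "<no id>"
        analysis = vuln.get("analysis") or {}  # key may be absent or null
        packages = []
        for affect in vuln.get("affects") or []:
            ref = (affect or {}).get("ref")
            comp = components.get(ref)
            if comp is None:  # dangling reference: report it, do not crash
                warnings.append(f"{vid}: unknown ref {ref!r}")
                continue
            packages.append(f"{comp.get('name')}@{comp.get('version')}")
        records.append({
            "id": vid,
            "packages": packages,
            "state": analysis.get("state"),  # None when no assessment exists
            "justification": analysis.get("justification"),  # JSON null stays None
            "assessed": bool(analysis.get("state")),
        })
    return records, warnings


if __name__ == "__main__":
    recs, warns = parse_vulnerabilities(SAMPLE_BOM)
    for rec in recs:
        print(rec)
    print(warns)
```

Surfacing the warnings list to the user matters as much as not crashing: a vulnerability whose package reference could not be resolved is still a finding that needs triage.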