Skip to content

Feature/372 create converter for pip audit vulnerabilities #387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ArBridgeman merged 25 commits into from
Mar 27, 2025
Merged

Feature/372 create converter for pip audit vulnerabilities #387

ArBridgeman merged 25 commits into from
Mar 27, 2025

Conversation

@ArBridgeman
Copy link
Collaborator

@ArBridgeman ArBridgeman commented Mar 25, 2025

Closes #372

ArBridgeman
ArBridgeman commented Mar 25, 2025
View reviewed changes
tkilias
tkilias reviewed Mar 25, 2025
View reviewed changes
@ArBridgeman ArBridgeman force-pushed the feature/372_create_converter_for_pip_audit_vulnerabilities branch from ebdbe4a to 2d879d2 Compare March 25, 2025 11:49
@ArBridgeman ArBridgeman requested a review from tkilias March 25, 2025 11:54
ckunki
ckunki requested changes Mar 25, 2025
View reviewed changes
@ArBridgeman
Rename to _parse_args so that the name better encompasses the scope o…
ce5980f 
…f the included actions
@ArBridgeman
Rename security functions associated with python to be more aptly nam…
14201ba 
…ed for the tool pip-audit
@ArBridgeman
Update changelog & docstrings to be more explicit about usage & word …
36d5ba8 
…choice
@ArBridgeman
Simplify identify_pypi_references with class-bound method & walrus-op…
cf8b381 
…erator
@ArBridgeman
Fix type and initial value for project in create_security_issue
a1dfbd5
@ArBridgeman
Choose which CVE to use based on sorted and initial value
dee2995 
- The current implementation chain parses a CVE from the title.
While we could initially send non-CVEs, the difficulty would
lie in updating the subsequent code to accomodate that.
- For more information, see #387 (comment)
@ArBridgeman
Remove dependency:audit from CI pipelines as unnecessary and reduce o…
378f702 
…ptions
ckunki
ckunki requested changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@ckunki ckunki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, the PR looks fine to me.
Thanks for addressing all the findings.

The only thing I'm still missing is a document about the strategy, the involved tools and formats incl. some references (links) to the places explaining more details or defining these items. As we needed quite some time clarifying these basic concepts I think, it's definitely worth having some documentation explaining the concepts to other readers or our future me's as well.

What do you think?

ckunki
ckunki reviewed Mar 27, 2025
View reviewed changes
ckunki
ckunki requested changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@ckunki ckunki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see my comments on the design document.

@ArBridgeman ArBridgeman requested a review from ckunki March 27, 2025 12:04
@ArBridgeman ArBridgeman merged commit fa52dcb into main Mar 27, 2025
33 checks passed
@ArBridgeman ArBridgeman deleted the feature/372_create_converter_for_pip_audit_vulnerabilities branch March 27, 2025 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ckunki ckunki ckunki approved these changes

@tkilias tkilias Awaiting requested review from tkilias

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

✨ Create converter for pip-audit vulnerabilities

4 participants

@ArBridgeman @tkilias @ckunki