Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: do not include kernel module cataloger by default #1784

Merged
merged 5 commits into from
May 5, 2023
Merged

chore: do not include kernel module cataloger by default #1784

merged 5 commits into from
May 5, 2023

Conversation

kzantow
Copy link
Contributor

@kzantow kzantow commented May 4, 2023
edited
Loading

Some initial feedback about the linux kernel cataloger is that it can introduce quite a lot of findings, many or all of which do not have version information. This results in a lot of work for users to ascertain why there are many false positive vulnerability findings.

For now, it was decided to disable this cataloger by default (it can still be enabled with the --catalogers option and analogous yaml/env var configurations).

Fixes #1781

@kzantow
chore: do not include kernel module cataloger by default
02c3cd9 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow added 4 commits May 4, 2023 17:22
@kzantow
chore: update tests
72fbc79 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: update tests
a18c83e 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: update tests
7d02462 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow
chore: update tests
ae9a1b2 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow merged commit 354c72b into anchore:main May 5, 2023
@kzantow kzantow deleted the chore/disable-linux-kernel-cataloger-default branch May 5, 2023 13:54
This was referenced May 8, 2023
Closed
Merged
Closed
Merged
Closed
Closed
Closed
Closed
spiffcs pushed a commit that referenced this pull request May 10, 2023
@kzantow @spiffcs
chore: do not include kernel module cataloger by default (#1784)
15f4dbb
spiffcs added a commit that referenced this pull request May 10, 2023
@spiffcs
Merge branch 'main' into 1577-license-revamp
213d9a9 
* main:
  fix: Reduce log spam on unknown relationship type (#1797)
  chore(deps): update bootstrap tools to latest versions (#1807)
  chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 (#1802)
  chore(deps): bump github.com/docker/docker (#1795)
  chore(deps): bump github.com/google/go-containerregistry (#1796)
  chore(deps): update bootstrap tools to latest versions (#1792)
  Print package list when extra packages found (#1791)
  chore(deps): update bootstrap tools to latest versions (#1786)
  chore(deps): bump golang.org/x/term from 0.7.0 to 0.8.0 (#1787)
  Update the CPE generation for spring-security-core (#1789)
  chore: do not HTML escape PackageURLs (#1782)
  chore: do not include kernel module cataloger by default (#1784)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
This was referenced May 22, 2023
Merged
Closed
Closed
Closed
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@kzantow
chore: do not include kernel module cataloger by default (anchore#1784)
bc99fac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

linux-kernel-cataloger produces thousands of version-less components.
2 participants
@kzantow @wagoodman