Skip to content

Improve vulnerability matching to consider potentially multiple resolutions #777

Description

@ckunki

Class VulnerabilityMatcher currently identifies vulnerabilities by package name and ID.

In reality, however,

  • for a given package & version,
  • there could be multiple unique vulnerability issues.
  • Each vulnerability might be resolved in multiple ways

Summary:

  • 1 (package-version combination): m (vulnerabilities)
  • m (vulnerabilities): n (resolved package-version combinations)

The current ticket therefore requests to

  • enhance the matching strategy of class VulnerabilityMatcher
  • Update tests and documentation accordingly -> think doc/user_guide/features/managing_dependencies.rst does not need to be updated

Metadata

Metadata

Assignees

Labels

featureProduct feature

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions