bump grype-db to pull in v3 schema changes + ensure related vulns are not nil

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
2024-11-10 14:44:12 +00:00 · 2021-05-27 14:17:05 -04:00 · 2021-05-27 14:17:05 -04:00 · 80bb416daa
commit 80bb416daa
parent 1849d7eaea
3 changed files with 8 additions and 10 deletions
--- a/go.mod
+++ b/go.mod
@ -7,7 +7,7 @@ require (
 	github.com/adrg/xdg v0.2.1
 	github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04
 	github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca
-	github.com/anchore/grype-db v0.0.0-20210520150424-d5068175bf94
+	github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927
 	github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6
 	github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c
 	github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
@ -44,5 +44,3 @@ require (
 	gopkg.in/ini.v1 v1.57.0 // indirect
 	gopkg.in/yaml.v2 v2.3.0
 )
-
-replace github.com/anchore/grype-db => ../grype-db
--- a/go.sum
+++ b/go.sum
@ -122,12 +122,12 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca h1:rLyc7Rih769rYABQe4nBPt3jHJd/snBuVvKKGoy5HEc=
 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
+github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927 h1:4DX6mymMdYIH1ptYEXZupij8x8AeNYR0Q9ILsqbE3nc=
+github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927/go.mod h1:XSlPf1awNrMpah+rHbWrzgUvnmWLgn/KkdicxERVClg=
 github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6 h1:g9ZS2V/T0wxseccI4t1hQTqWBek5DVOQZOzzdWBjwnU=
 github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
-github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f h1:bFadyOLOkzME3BrZFZ5m8cf/b2hsn3aMSS9s+SKubRk=
-github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI=
-github.com/anchore/syft v0.15.3-0.20210524151556-2ca2f0350133 h1:37KItVunSU9vX8umE0PoH8SKZ+XR7itt2+DehSjxv9A=
-github.com/anchore/syft v0.15.3-0.20210524151556-2ca2f0350133/go.mod h1:5k4L4CA5ZFFmRdk64oj0AV1ZqvLFZVOpfCk8DfUOsVc=
+github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c h1:+ZGL3hHwPxBhQPEjyBU9rB5+tTVAOd8P6d3NMvpxSNM=
+github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c/go.mod h1:5k4L4CA5ZFFmRdk64oj0AV1ZqvLFZVOpfCk8DfUOsVc=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y=
--- a/grype/presenter/models/document.go
+++ b/grype/presenter/models/document.go
@ -44,14 +44,14 @@ func NewDocument(packages []pkg.Package, context pkg.Context, matches match.Matc
 			return Document{}, fmt.Errorf("unable to find package in collection: %+v", p)
 		}

-		relatedVulnerabilities := make([]VulnerabilityMetadata, len(m.Vulnerability.RelatedVulnerabilities))
-		for idx, r := range m.Vulnerability.RelatedVulnerabilities {
+		relatedVulnerabilities := make([]VulnerabilityMetadata, 0)
+		for _, r := range m.Vulnerability.RelatedVulnerabilities {
 			relatedMetadata, err := metadataProvider.GetMetadata(r.ID, r.Namespace)
 			if err != nil {
 				return Document{}, fmt.Errorf("unable to fetch related vuln=%q metadata: %+v", r, err)
 			}
 			if relatedMetadata != nil {
-				relatedVulnerabilities[idx] = NewVulnerabilityMetadata(r.ID, r.Namespace, relatedMetadata)
+				relatedVulnerabilities = append(relatedVulnerabilities, NewVulnerabilityMetadata(r.ID, r.Namespace, relatedMetadata))
 			}
 		}