Mirrors/syft
2
0
Fork 0
mirror of https://github.com/anchore/syft synced 2024-11-10 06:14:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

fix: Don't use the actual redis or grpc CPEs for gems (#1926)

Browse source 
Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
This commit is contained in:
Dan Luhring 2023-07-10 10:24:42 -04:00 committed by GitHub
parent 376c42893b
commit c0c089ffd5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
syft/pkg/cataloger/common/cpe/candidate_by_package_type.go
View file

@ -461,6 +461,17 @@ var defaultCandidateRemovals = buildCandidateRemovalLookup(
VendorsToRemove: []string{"gradle"},
},
},
// Ruby packages
{
pkg.GemPkg,
candidateKey{PkgName: "redis"},
candidateRemovals{ProductsToRemove: []string{"redis"}},
},
{
pkg.GemPkg,
candidateKey{PkgName: "grpc"},
candidateRemovals{ProductsToRemove: []string{"grpc"}},
},
})
// buildCandidateLookup is a convenience function for creating the defaultCandidateAdditions set