Capture the dates for the last successful pull of each vunnel provider in the grype-db metadata.json file #255
Assignees
Labels
enhancement
New feature or request
Comments
willmurphyscode
pushed a commit
that referenced
this issue
Mar 27, 2024
Bumps [pytest-picked](https://github.com/anapaulagomes/pytest-picked) from 0.4.6 to 0.5.0. - [Release notes](https://github.com/anapaulagomes/pytest-picked/releases) - [Changelog](https://github.com/anapaulagomes/pytest-picked/blob/dev/CHANGELOG.md) - [Commits](anapaulagomes/pytest-picked@0.4.6...v0.5.0) --- updated-dependencies: - dependency-name: pytest-picked dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
Fixed by #292 |
|
I'm re-opening this since the PR that implemented this was reverted |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Capture the dates of each individual providers last successful run in the grype-db metadata.json file
Why is this needed:
So downstream consumers of the published grypedb archive can understand how up-to-date data is for each indvidual provider
Additional context:
Currently any logic that needed to determine how stale vuln data is had to rely on the build date of the grype-db being the first date that any provider failed (which changes with #251 ) or needed access to the raw metadata files of the vunnel workspaces. This will allow for anything that has access to the grypedb archive to have more fine-grained details with per-provider dates and no horrible hacks around the grypedb build date
The text was updated successfully, but these errors were encountered: