
Windows vulnerability scanning #1672

Closed
ramizpolic opened this issue May 14, 2024 · 6 comments
Labels: scanners (Issues related to adding new scanners), wontfix (This will not be worked on)

Comments

ramizpolic (Member) commented May 14, 2024

Overview

The SBOM analyzer for Windows works and can collect details about user and system applications and updates. We should be able to perform vulnerability scanning on Windows-generated SBOMs.

The Windows vulnerability scanner can be implemented as a custom scanner plugin. Make sure to also add support for passing SBOM data from the Windows SBOM analyzer to the plugin.

@ramizpolic ramizpolic added the scanners Issues related to adding new scanners label May 14, 2024
tomerse-sg commented

Can be very useful!
Do you know if it is planned to be open source as well?

ramizpolic (Member, Author) commented

Yup @tomerse-sg, all changes collected in our backlog tickets are changes that will be part of the open source codebase.

tomerse-sg commented

Not sure it is accurate.
Grype / Trivy don't know how to find vulnerabilities for Windows OS packages, only .NET (in the open source version).

@ramizpolic ramizpolic reopened this Jun 15, 2024
ramizpolic (Member, Author) commented

Will discuss this with the rest of the team on Monday and provide the details. Thanks for addressing this @tomerse-sg.

tomerse-sg commented

You can find some information on the challenge here.

ramizpolic (Member, Author) commented Jun 17, 2024

We have discussed this and decided not to continue with it, as it would require adding new services to the stack and extensive changes to our SBOM analyzer. If it's something you would like to use, feel free to create or contribute by writing a custom Windows Vulnerability Plugin scanner. The existing vulnerability scanning for Windows is good enough for us at the moment.

@ramizpolic ramizpolic added the wontfix This will not be worked on label Jun 17, 2024
@ramizpolic ramizpolic reopened this Jun 17, 2024
@ramizpolic ramizpolic changed the title Windows vulnerability scanning from SBOM Windows vulnerability scanning Jun 17, 2024
@ramizpolic ramizpolic closed this as not planned Won't fix, can't repro, duplicate, stale Jun 17, 2024