Merge branch 'main' into pop_cvss

intel · Jul 26, 2023 · e06cb52 · e06cb52
2 parents 1bb6dbe + e82d7ea
commit e06cb52
Show file tree

Hide file tree

Showing 26 changed files with 430 additions and 389 deletions.
diff --git a/.github/ISSUE_TEMPLATE/feat--new-checker-request-form.md b/.github/ISSUE_TEMPLATE/feat--new-checker-request-form.md
@@ -0,0 +1,24 @@
+---
+name: 'feat: new checker request form'
+about: Template for requesting a new binary checker
+title: 'feat: new checker [checker name]'
+labels: enhancement, good first issue
+assignees: ''
+
+---
+
+### Description
+
+* Website: WEBSITE_LINK_OF_THE_PRODUCT
+* CVEs: CVEDETAILS_PRODUCT_PAGE
+
+Many older products may have multiple NVD CPE  {vendor, product} pairs associated with them. We can figure out one set from the CVE list above, but if you know of others that need to be added add them here:
+* NVD CPE vendor(s): 
+* NVD CPE products(s): 
+
+
+### Checker creation links
+Instructions: [How to add a new checker to the CVE Binary Tool](https://github.com/intel/cve-bin-tool/blob/master/cve_bin_tool/checkers/README.md)
+
+We also have a [checker creation helper script](https://github.com/intel/cve-bin-tool/blob/main/cve_bin_tool/helper_script.py) that can get you started in making the checker.
+* [Helper script documentation](https://github.com/intel/cve-bin-tool/blob/main/cve_bin_tool/checkers/README.md#helper-script)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

diff --git a/.github/workflows/cve_bin_tool_action.yml b/.github/workflows/cve_bin_tool_action.yml
@@ -0,0 +1,17 @@
+name: CVE Binary Tool Scanner
+
+on:
+  push:
+  workflow_dispatch:
+
+permissions:
+  security-events: write
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: intel/cve-bin-tool-action@main
+        with:
+          nvd_api_key: '${{ secrets.NVD_API_KEY }}'
+          exclude_dir: test
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/export_data.yml b/.github/workflows/export_data.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps: 
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -20,7 +20,7 @@ jobs:
         tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -21,7 +21,7 @@ jobs:
         python: ['3.8', '3.9', '3.10', '3.11']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+      uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
       with:
         egress-policy: audit
 

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -26,7 +26,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -56,7 +56,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -126,7 +126,7 @@ jobs:
       LONG_TESTS: 1
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -223,7 +223,7 @@ jobs:
       EXTERNAL_SYSTEM: 1
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -317,7 +317,7 @@ jobs:
       PYTHONIOENCODING: 'utf8'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 
@@ -387,7 +387,7 @@ jobs:
       PYTHONIOENCODING: 'utf8'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml
@@ -22,7 +22,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
         with:
           egress-policy: audit
 

diff --git a/doc/requirements.txt b/doc/requirements.txt
@@ -1,4 +1,4 @@
-Sphinx==7.0.1
+Sphinx==7.1.0
 sphinx_markdown_tables
 myst_parser==2.0.0
 sbom2doc