Skip to content

fix: collect data from anchore #1805

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix: collect data from anchore #1805

wants to merge 4 commits into from

Conversation

Mughees2001
Copy link

@Mughees2001 Mughees2001 commented Mar 8, 2025
edited
Loading

@Mughees2001
fix: update sources.rst
6ffc5d0 
- Changed label from anchore to anchore_nvd_overrides to fix duplicate label issue
- Added anchore entry to the importer table

Signed-off-by: Mughees Ur Rehman <[email protected]>
@Mughees2001 Mughees2001 changed the title fix: xollect data from anchore fix: collect data from anchore Mar 8, 2025
@Mughees2001 Mughees2001 marked this pull request as draft March 8, 2025 12:40
@Mughees2001
feat: added imports
97e0f72 
Signed-off-by: Mughees Ur Rehman <[email protected]>
@Mughees2001
feat: added anchore_importer
03ab167 
Signed-off-by: Mughees Ur Rehman <[email protected]>
@Mughees2001 Mughees2001 marked this pull request as ready for review March 8, 2025 12:46
@Rishi-source
Copy link

Hi @Mughees2001 , The pipeline is not working as of now and throwing the error

Importing data using anchore_importer
INFO 2025-03-08 16:21:34.897 Pipeline [AnchoreImporterPipeline] starting
INFO 2025-03-08 16:21:34.897 Step [collect_and_store_advisories] starting
INFO 2025-03-08 16:21:35.118 Pipeline failed
INFO 2025-03-08 16:21:35.118 Running [on_failure] tasks
INFO 2025-03-08 16:21:35.119 Completed [on_failure] tasks in 0 seconds
404 Client Error: Not Found for url: https://raw.githubusercontent.com/anchore/nvd-data-overrides/main/overrides.yaml

Traceback:
  File "/Users/rishigarg/Downloads/pullreq2/vulnerablecode/vulnerabilities/pipelines/__init__.py", line 65, in execute
    step(self)
    ~~~~^^^^^^
  File "/Users/rishigarg/Downloads/pullreq2/vulnerablecode/vulnerabilities/pipelines/__init__.py", line 145, in collect_and_store_advisories
    estimated_advisory_count = self.advisories_count()
  File "/Users/rishigarg/Downloads/pullreq2/vulnerablecode/vulnerabilities/pipelines/anchore_importer.py", line 40, in advisories_count
    raw_data = self.fetch_data()
  File "/Users/rishigarg/Downloads/pullreq2/vulnerablecode/vulnerabilities/pipelines/anchore_importer.py", line 51, in fetch_data
    response.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Users/rishigarg/Downloads/pullreq2/vulnerablecode/venv/lib/python3.13/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
CommandError: 1 failed!: anchore_importer

I would recommend you to always run you importer/improver if you have made a importer you should register it under importer only same with improver and some useful commands are python manage.py import --list this would return the list of all registered importers in cli same with improver python manage.py improve --list. Then after this to run a particular importer you can run python manage.py import REPLACE_WITH_IMPORTER_NAME and for improver you can run python manage.py import REPLACE_WITH_IMPROVER_NAME. If you want to run all registered importer or improver you can have python manage.py import --all or python manage.py improve --all respectively.

Rest I have to take a look on you code in order to find out what could be the possible error.

One error is sure that in line 49:

url = "https://raw.githubusercontent.com/anchore/nvd-data-overrides/main/overrides.yaml"

this url is returning 404 Not found which can be also be seen in the logging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Collect data from Anchore NVD overrides
2 participants
@Mughees2001 @Rishi-source