Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate Vanir #1227

Open
oliverchang opened this issue Sep 5, 2024 · 1 comment
Open

Integrate Vanir #1227

oliverchang opened this issue Sep 5, 2024 · 1 comment
Labels
backlog Important but currently unprioritized enhancement New feature or request

Comments

@oliverchang
Copy link
Collaborator

https://github.com/google/vanir is a system for

  • Generating signatures for source code patches
  • Detecting whether a local copy/fork of some code has patches applied, by using the signatures generated.

This seems very useful for the general C/C++ ecosystem, where vendoring/forking is very common. Today, our approach is to guess the closest upstream repository (tagged) commit, and key vulnerability matching based on vulnerable commit ranges (https://osv.dev/blog/posts/introducing-broad-c-c++-support/)

Vanir seems like an alternative approach that could work better.

@baekhyunwook
@oliverchang oliverchang added the enhancement New feature or request label Sep 5, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 4, 2024

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

@github-actions github-actions bot added the stale The issue or PR is stale and pending automated closure label Nov 4, 2024
@andrewpollock andrewpollock added backlog Important but currently unprioritized and removed stale The issue or PR is stale and pending automated closure labels Nov 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog Important but currently unprioritized enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oliverchang @andrewpollock