Skip to content

Add v2 pipeline collect OpenSSL advisory #2119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
keshav-space merged 3 commits into from
Jan 21, 2026
Merged

Add v2 pipeline collect OpenSSL advisory #2119

keshav-space merged 3 commits into from
Jan 21, 2026
+1,425 −11

Conversation

@keshav-space
Copy link
Member

@keshav-space keshav-space commented Jan 20, 2026
edited
Loading

resolves #2029

Pipeline execution log:

INFO 2026-01-20 13:21:17.659426 UTC Pipeline [OpenSSLImporterPipeline] starting
INFO 2026-01-20 13:21:17.659540 UTC Step [clone] starting
INFO 2026-01-20 13:21:17.659566 UTC Cloning `git+https://github.com/openssl/release-metadata/`
INFO 2026-01-20 13:21:19.723612 UTC Step [clone] completed in 2 seconds
INFO 2026-01-20 13:21:19.723759 UTC Step [collect_and_store_advisories] starting
INFO 2026-01-20 13:21:19.724607 UTC Collecting 234 advisories
INFO 2026-01-20 13:21:19.845817 UTC Progress: 10% (24/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.043505 UTC Progress: 20% (47/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.217587 UTC Progress: 30% (71/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.368386 UTC Progress: 40% (94/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.465835 UTC Progress: 50% (117/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.700927 UTC Progress: 60% (141/234) ETA: 1 seconds
INFO 2026-01-20 13:21:20.849650 UTC Progress: 70% (164/234)
INFO 2026-01-20 13:21:21.089389 UTC Progress: 80% (188/234)
ERROR 2026-01-20 13:21:21.116901 UTC Failed to parse OpenSSL version for: CVE-2007-5502 with error InvalidVersion("'fips-1.1.2' is not a valid <class 'univers.versions.OpensslVersion'>"):
Traceback (most recent call last):
  File "/vulnerablecode/vulnerabilities/pipelines/v2_importers/openssl_importer.py", line 110, in to_advisory_data
    affected_constraints, fixed_version = openssl.parse_affected_fixed(affected)
  File "/vulnerablecode/vulnerabilities/pipes/openssl.py", line 35, in parse_affected_fixed
    version=OpensslVersion(string=impact_upper),
  File "<attrs generated init univers.versions.Version>", line 7, in __init__
    self.__attrs_post_init__()
  File "/vulnerablecode/venv/lib/python3.10/site-packages/univers/versions.py", line 87, in __attrs_post_init__
    raise InvalidVersion(f"{self.string!r} is not a valid {self.__class__!r}")
univers.versions.InvalidVersion: 'fips-1.1.2' is not a valid <class 'univers.versions.OpensslVersion'>

INFO 2026-01-20 13:21:21.228971 UTC Progress: 90% (211/234)
INFO 2026-01-20 13:21:21.332617 UTC Progress: 100% (234/234)
INFO 2026-01-20 13:21:21.335515 UTC Successfully collected 234 advisories
INFO 2026-01-20 13:21:21.335569 UTC Step [collect_and_store_advisories] completed in 2 seconds
INFO 2026-01-20 13:21:21.335593 UTC Step [clean_downloads] starting
INFO 2026-01-20 13:21:21.335610 UTC Removing cloned repository
INFO 2026-01-20 13:21:21.338237 UTC Step [clean_downloads] completed in 0 seconds
INFO 2026-01-20 13:21:21.338278 UTC Pipeline completed in 4 seconds

Note

OpensslVersion do not support fips we have an issue for this here aboutcode-org/univers#41

TG1999
TG1999 approved these changes Jan 20, 2026
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@keshav-space
Add TODO to collect advisory credits
94a542a 
See: #2121

Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space keshav-space merged commit 96a52e8 into main Jan 21, 2026
10 checks passed
@keshav-space keshav-space deleted the openssl-v2 branch January 21, 2026 13:26
This was referenced Jan 21, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TG1999 TG1999 TG1999 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

VCIO-API-V2: Migrate OpenSSL importer to advisory V2

2 participants

@keshav-space @TG1999