Using the current (22.12.06) VCIO v31.0.0, I am not able to Package Search on name@version. Some examples:
- Search on "pkg:pypi/jinja2@2.11.3" returns one record
  - Search on "pypi/jinja2@2.11.3" returns none
  - Search on "jinja2@2.11.3" returns none
- Search on "pkg:rpm/redhat/expat@2.1.0-14" returns one record
  - Search on "pkg:rpm/redhat/expat@2.1.0" returns none
  - Search on "rpm/redhat/expat@2.1.0-14" returns none
  - Search on "expat@2.1.0-14" returns none
The documentation for the Package Search currently says: "Search for vulnerable packages by Package URL (aka. purl) such as pkg:maven/org.apache.logging.log4j/log4j@2.0 or purl prefix fragment such as pkg:alpine or by package name." I interpreted these to be examples, not a list of 3 specific options.
There are two aspects to my use case:
- I would like to enter name@version without entering the "pkg:" or "pkg/type/" prefix for ease of use
- In some cases I would like to look up the same package name@version across different package types - e.g. alpine, deb and redhat.
We need to either enhance Package Search to handle more types of purl "fragments" or update the documentation to specify the syntax options.
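
An added example, not VulnerableCode's own code, of a tolerant parser that accepts each query form listed in this report and turns it into a search filter where unspecified fields match anything. The sample records, `KNOWN_TYPES`, `parse_fragment`, `search`, and the rule that a version without a release suffix also matches `version-release` are assumptions made for illustration.

```python
import re

# Constructed sample records (type, namespace, name, version); not real VCIO data.
PACKAGES = [
    ("pypi", None, "jinja2", "2.11.3"),
    ("rpm", "redhat", "expat", "2.1.0-14"),
    ("deb", "debian", "expat", "2.1.0-14"),
    ("alpine", None, "expat", "2.1.0-14"),
]
# Assumed list of purl types the search recognizes without the "pkg:" scheme.
KNOWN_TYPES = {"pypi", "rpm", "deb", "alpine", "maven"}


def parse_fragment(query):
    """Turn a full purl or a loose fragment into a filter; None means "any"."""
    q = query.strip()
    had_scheme = q.lower().startswith("pkg:")
    if had_scheme:
        q = q[4:]
    q = re.split(r"[?#]", q, maxsplit=1)[0]  # drop qualifiers and subpath
    q, _, version = q.partition("@")
    parts = [p for p in q.split("/") if p]
    flt = {"type": None, "namespace": None, "name": None,
           "version": version or None}
    # With "pkg:" the first segment is always the type; without it, only
    # treat it as a type when it is a known one and more segments follow.
    if parts and (had_scheme or (len(parts) > 1 and parts[0].lower() in KNOWN_TYPES)):
        flt["type"] = parts.pop(0).lower()
    if parts:
        flt["name"] = parts.pop()
    if parts:
        flt["namespace"] = "/".join(parts)
    return flt


def search(query, packages=PACKAGES):
    """Return the records matching every field the query actually specified."""
    flt = parse_fragment(query)
    want = flt["version"]

    def version_ok(have):
        # Assumption: "2.1.0" also matches "2.1.0-14" (version without release).
        return want is None or have == want or have.startswith(want + "-")

    return [
        rec for rec in packages
        if all(flt[key] is None or flt[key] == value
               for key, value in zip(("type", "namespace", "name"), rec))
        and version_ok(rec[3])
    ]
```

With this filter, `expat@2.1.0-14` returns the rpm, deb and alpine records together, which is the cross-type lookup described in the second use case.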