osv: Skip osv query if package version is unknown

OSV API now requires the package version and would return an error status in case the package version is missing. Signed-off-by: Henri Rosten <[email protected]>
tiiuae · Dec 5, 2024 · bb75766 · bb75766
1 parent e1ccc85
commit bb75766
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/vulnxscan/osv.py b/src/vulnxscan/osv.py
@@ -97,6 +97,9 @@ def query_vulns(self, sbom_path):
         batchquery = {}
         batchquery["queries"] = []
         for drv in df_sbom.itertuples():
+            if not drv.version:
+                LOG.debug("skipping osv query (unknown version): %s", drv.name)
+                continue
             query = {}
             query["version"] = drv.version
             query["package"] = {}