From bb75766bc4a839edca36e350956d19d8c83c2405 Mon Sep 17 00:00:00 2001
From: Henri Rosten <henri.rosten@unikie.com>
Date: Wed, 4 Dec 2024 08:56:46 +0200
Subject: [PATCH] osv: Skip osv query if package version is unknown

OSV API now requires the package version and would return an error
status in case the package version is missing.

Signed-off-by: Henri Rosten <henri.rosten@unikie.com>
---
 src/vulnxscan/osv.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/vulnxscan/osv.py b/src/vulnxscan/osv.py
index 4d81a91..7318d18 100755
--- a/src/vulnxscan/osv.py
+++ b/src/vulnxscan/osv.py
@@ -97,6 +97,9 @@ def query_vulns(self, sbom_path):
         batchquery = {}
         batchquery["queries"] = []
         for drv in df_sbom.itertuples():
+            if not drv.version:
+                LOG.debug("skipping osv query (unknown version): %s", drv.name)
+                continue
             query = {}
             query["version"] = drv.version
             query["package"] = {}