2 changes: 2 additions & 0 deletions CHANGES/+fix-vuln-report-cli-commands.doc
@@ -0,0 +1,2 @@
Fixed CLI commands in the vulnerability report documentation to use `pulp repository version scan`.
The command previously shown there (`pulp vulnerability-report create`) doesn't exit.
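Review bot: the second line has a typo, "doesn't exit" should read "doesn't exist", and the command named in the first line (`pulp repository version scan`) does not match the command the updated guide actually uses (`pulp python repository version scan`); align the changelog entry with the guide so it does not point readers at another command that does not exist.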
21 changes: 14 additions & 7 deletions docs/user/guides/vulnerability_report.md
@@ -1,9 +1,13 @@
# Vulnerability Report

Pulp Python provides vulnerability scanning capabilities to help you identify known security
vulnerabilities in your Python packages. This feature integrates with the [Open Source Vulnerabilities (OSV)](https://osv.dev/)
vulnerabilities in your Python packages.
This feature integrates with the [Open Source Vulnerabilities (OSV)](https://osv.dev/)
database to scan Pulp `RepositoryVersions` for vulnerable packages.

!!! info "New in `pulp_python>=3.21.0`"
!!! info "New in `pulp-cli>=0.37.0` (optional)"

## Prerequisites

Before generating the vulnerability report, ensure that:
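Review bot: the added `!!! info` line stacks a second empty admonition directly under the first, and "(optional)" does not say what is optional. Consider one admonition that lists both requirements and states the optional part explicitly, for instance that `pulp-cli>=0.37.0` is only needed to run the CLI examples shown on this page.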
Expand All @@ -13,11 +17,14 @@ Before generating the vulnerability report, ensure that:

## Generating a vulnerability report

To scan a `RepositoryVersion` for vulnerabilities, you need to pass the name of the repository and
optionally the version:
To scan a `RepositoryVersion` for vulnerabilities, call the `scan` command on a repository version.

```bash
pulp vulnerability-report create --repository my-repo --version 1
# Use the latest version
pulp python repository version scan --repository my-repo

# Or specify a version
pulp python repository version scan --repository my-repo --version 1
```

## Understanding Scan Results
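Review bot: the rewritten sentence drops the statement that the version is optional, which the old prose made explicit; only the code comments now say that omitting `--version` scans the latest version. Keep that in the prose as well, e.g. "If `--version` is omitted, the latest version of the repository is scanned.", since the sentence is what readers skim.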
Expand Down Expand Up @@ -70,7 +77,7 @@ To view the actual vulnerability data, retrieve the vulnerability report:

```bash
# Get vulnerability report details
pulp vulnerability-report show --href ${VULN_REPORT_HREF}
pulp show --href ${VULN_REPORT_HREF}
```

The report contains detailed information about each vulnerability, including:
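Review bot: the switch from `pulp vulnerability-report show` to the generic `pulp show` deserves a one-line explanation in the guide; a reader who knows the resource-specific command will assume it is the right one and switch back. Per the author's comment on this PR, that command cannot handle the href with query arguments returned by `repository version show`, so say that the generic `pulp show` is used for that reason.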
Expand Down Expand Up @@ -101,9 +108,9 @@ pulp python repository sync \
--remote pypi-remote

# 4. Scan for vulnerabilities
pulp vulnerability-report create --repository security-scan-repo
pulp python repository version scan --repository security-scan-repo

# 5. View the vulnerability report
VULN_REPORT=$(pulp python repository version show --repository security-scan-repo | jq -r '.vuln_report')
pulp vulnerability-report show --href $VULN_REPORT

Member Author

The `pulp vulnerability-report show` exists, but it can't handle the href with query arguments returned by `repository version show`. It only handles a single vuln report href (actually it also has a bug that it accepts almost any single resource href, pretty much like `pulp show`).

pulp show --href $VULN_REPORT
```
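Review bot: step 5 expands `$VULN_REPORT` unquoted; since this href carries query arguments (see the author's comment above), it contains `?`, and an unquoted `?` is subject to pathname expansion if a matching path exists in the working directory. Use `pulp show --href "$VULN_REPORT"`, which also brings the spelling in line with the `${VULN_REPORT_HREF}` form used earlier in the same document.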