Merge branch 'main' into fix-cli-exit-code

.github/workflows/testing.yml

@@ -209,17 +209,21 @@ jobs:
           python-version: '3.10'
           cache: 'pip'
 
-      - name: "Skip tests if this is an automated sbom job"
-        env:
-          COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
+#      - name: "Skip tests if this is an automated sbom job"
+#        env:
+#          COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
+#        run: |
+#          if ${COMMIT_VAR} == true; then
+#            echo "sbom=true" >> $GITHUB_ENV
+#            echo "sbom set to true"
+#          else
+#            echo "sbom=false" >> $GITHUB_ENV
+#            echo "sbom set to false"
+#          fi
+#
+      - name: "FIXME: Skip tests so we can break out of failure loop"
         run: |
-          if ${COMMIT_VAR} == true; then
             echo "sbom=true" >> $GITHUB_ENV
-            echo "sbom set to true"
-          else
-            echo "sbom=false" >> $GITHUB_ENV
-            echo "sbom set to false"
-          fi
 
       - name: Get date
         id: get-date

.github/workflows/update-cache.yml

@@ -33,7 +33,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
-          python-version: '3.10'
+          python-version: '3.13'
           cache: 'pip'
       - name: Get date
         id: get-date

README.md

@@ -496,7 +496,7 @@ Output:
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#-b-distro_name-distro_version_name---backport-fix-distro_name-distro_version_name">-b [<distro_name>-<distro_version_name>], --backport-fix [<distro_name>-<distro_version_name>]</a>
                         Lists backported fixes if available from Linux distribution
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--affected-versions">--affected-versions</a>   Lists versions of product affected by a given CVE (to facilitate upgrades)
-  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--sbom-output-sbom_output">--sbom-output SBOM_OUTPUT</a>
+  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--sbom-output-sbom_file">--sbom-output SBOM_FILE</a>
                         provide software bill of materials (sbom) filename to generate
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--sbom-type">--sbom-type {spdx,cyclonedx}</a>
                         specify type of software bill of materials (sbom) to generate (default: spdx)
@@ -506,7 +506,7 @@ Output:
 Vex Output:
   Arguments related to Vex output document.
 
-  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-output-vex_output">--vex-ouptput VEX_OUTPUT</a>
+  <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-output-vex_file">--vex-ouptput VEX_FILE</a>
                         Provide vulnerability exploitability exchange (vex) filename to generate
   <a href="https://github.com/intel/cve-bin-tool/blob/main/doc/MANUAL.md#--vex-type">--vex-type {cyclonedx, csaf, openvex}</a>
                         specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)

doc/MANUAL.md

@@ -58,11 +58,11 @@
     - [-A \[\<distro\_name\>-\<distro\_version\_name\>\], --available-fix \[\<distro\_name\>-\<distro\_version\_name\>\]](#-a-distro_name-distro_version_name---available-fix-distro_name-distro_version_name)
     - [-b \[\<distro\_name\>-\<distro\_version\_name\>\], --backport-fix \[\<distro\_name\>-\<distro\_version\_name\>\]](#-b-distro_name-distro_version_name---backport-fix-distro_name-distro_version_name)
     - [--affected-versions](#--affected-versions)
-    - [--sbom-output SBOM\_OUTPUT](#--sbom-output-sbom_output)
+    - [--vex-output VEX_FILE](#--vex-file-vex_file)
+    - [--vex-type](#--vex-type)
+    - [--sbom-output SBOM_FILE](#--sbom-output-sbom_file)
     - [--sbom-type](#--sbom-type)
     - [--sbom-format](#--sbom-format)
-    - [--vex-type](#--vex-type)
-    - [--vex-output VEX\_OUTPUT](#--vex-output)
     - [Output verbosity](#output-verbosity)
       - [Quiet Mode](#quiet-mode)
       - [Logging modes](#logging-modes)
@@ -177,7 +177,7 @@ which is useful if you're trying the latest code from
       -b [<distro_name>-<distro_version_name>], --backport-fix [<distro_name>-<distro_version_name>]
                             Lists backported fixes if available from Linux distribution
       --affected-versions   Lists versions of product affected by a given CVE (to facilitate upgrades)
-      --sbom-output SBOM_OUTPUT
+      --sbom-output SBOM_FILE
                             Provide software bill of materials (sbom) filename to generate
       --sbom-type {spdx,cyclonedx}
                             specify type of software bill of materials (sbom) to generate (default: spdx)
@@ -187,7 +187,7 @@ which is useful if you're trying the latest code from
     Vex Output:
       Arguments related to Vex output document.
 
-      --vex-output VEX_OUTPUT
+      --vex-output VEX_FILE
                             Provide vulnerability exploitability exchange (vex) filename to generate
       --vex-type {cyclonedx,csaf,openvex}
                             specify type of vulnerability exploitability exchange (vex) to generate (default: cyclonedx)
@@ -1362,7 +1362,7 @@ type of Vulnerability Exploitability eXchange (VEX) to be generated. VEXs can be
 
 If this option is not specified, an CycloneDX VEX will be generated.
 
-### --sbom-output SBOM_OUTPUT
+### --sbom-output SBOM_FILE
 
 This option allows you to specify the filename for a Software Bill of Material (SBOM) file which contains all of the
 components detected by the scan. The generated file can be used as a subsequent input to the CVE Binary tool with `--sbom-file` parameter.