nix-security-tracker
Web service for managing information on vulnerabilities in software distributed through Nixpkgs
As a contributor, in my development shell I want to conveniently override application settings, such as the org and teams to sync with. Currently one can't run the service locally...
Also I wrote down how to create a `SECRET_KEY` for Django. One thing left for me is to customise the `GH_ORGANIZATION` easily.
precommit is noisy, let users rebase the changes before the push via absorption.
Currently, it seems that shell development parameters are uniformized but incompatible with my developer stuff. I can easily hack it away, but in the long run, we should provide defaults...
Our main data object is what we currently call an "issue", but this is confusing if you don't know how the system works. Really what it is is a record...
This would help onboard contributors and might even help some users understand why there is so much manual work involved in matching these records with Nix packages. Best thing I...
As a security team member, I want to inspect suggestions for state changes of a security record made by maintainers. TODO: Not sure this issue is required, needs discussion.
Collect data about the system in order to measure resource consumption and inform actions to keep it sustainable: - number of CVEs - number of derivations - number of evaluations...
In our ingested data, many CVE numbers appear multiple times since they seem to come from different sources. As a security team member, I want to only have to deal...
When editing a draft record, I want to inspect a package description to assess whether it's relevant for the issue at hand. - #208