nix-security-tracker
Web service for managing information on vulnerabilities in software distributed through Nixpkgs
As the security tracker is likely the first to discover inconsistencies in Nixpkgs data, we may as well fix it. Depends on: - #225 - #7
In order to limit the system's ever-growing resource consumption: - [ ] Define a cut-off date and freeze issues that are associated with data older than that - [ ]...
Set up a central database for evaluations, input provided by Hydra directly
As encountered in the example of Nix-Security-WG/nix-local-security-scanner#22, there might be situations where we might want to assign a different severity based on context. In this case: the `w3m` advisory may...
We should have a full-system integration test to deploy a VM containing the new changes to test infrastructure.
When triaging a suggestion or editing a security record draft, I want to inspect the complete CVE description to understand what the issue is about. Depends on: - #203 -...
As a security team member, when triaging through uncategorised CVEs, I want to be able to dismiss multiple CVEs at once, in the case of them not being relevant to...
As a security team member, I want to revisit suggestions that have been dismissed in the past. Depends on: - if we want to arrive there by filtering: https://github.com/nix-security-wg/nix-security-tracker/issues/200 -...
As a security team member, I want to be able to mark a suggested match as invalid. Depends on: - #203
As a security team member or package maintainer, when I notice that a security fix for a project was released by its authors, with one click I want to let...