new rule: commit msg refers to bug-tracking issue that mentions the vulnerability ID at hand

Open copernico opened this issue 4 years ago • 2 comments

Additional variant (as a separate rule): the bug-tracking issue contains security-related keywords

copernico avatar Sep 19 '21 16:09 copernico

As initial steps, this requires implementing the following:

  • knowing where to find bug-tracking issues for a given project (via a mapping table)
  • fetching and analyzing and storing the content of the bug-tracking issue in an attribute of the commit object

copernico avatar Sep 19 '21 17:09 copernico

Variant: the referenced resource contains 'security-related' keywords (that could help with #264)

copernico avatar Sep 22 '21 13:09 copernico
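The two rules sketched in this issue (the referenced bug-tracking issue mentions the vulnerability ID, or contains security-related keywords), as an added example that is not project-kb's own code. The project-to-pattern mapping table, the issue texts and the vulnerability ID are all constructed stand-ins; the fetch step is replaced by an offline dictionary lookup.

```python
import re

# Constructed stand-in for the per-project mapping table the issue asks for:
# project name -> regex that recognizes that tracker's issue references.
ISSUE_REF_PATTERNS = {
    "example-jira": re.compile(r"\b([A-Z][A-Z0-9]+-\d+)\b"),
    "example-github": re.compile(r"(?<![\w/])#(\d+)\b"),
}

# Constructed sample tracker content (hypothetical issues, placeholder CVE ID).
ISSUE_TEXT = {
    ("example-jira", "EXMPL-42"): "Deserialization of untrusted input, see CVE-2021-XXXXX",
    ("example-github", "17"): "Refactor logging module",
    ("example-github", "18"): "Possible XSS when rendering user comments",
}

# Keyword list for the 'security-related' variant (assumed, not project-kb's list).
SECURITY_KEYWORDS = ("security", "vulnerab", "xss", "injection", "overflow",
                     "cve-", "untrusted", "exploit", "denial of service")

def extract_issue_refs(project, commit_msg):
    """Issue references found in a commit message, deduplicated, in order."""
    pattern = ISSUE_REF_PATTERNS.get(project)
    if pattern is None:
        return []
    return list(dict.fromkeys(pattern.findall(commit_msg)))

def fetch_issue(project, ref):
    """Offline lookup standing in for fetching the issue from the tracker."""
    return ISSUE_TEXT.get((project, ref))

def apply_rules(project, commit_msg, vuln_id):
    """Return, per rule, the issue refs that made it fire for this commit."""
    hits = {"issue_mentions_vuln_id": [], "issue_has_security_keywords": []}
    for ref in extract_issue_refs(project, commit_msg):
        text = fetch_issue(project, ref)
        if text is None:
            continue  # unknown or unreachable issue: neither rule can fire
        lower = text.lower()
        if vuln_id.lower() in lower:
            hits["issue_mentions_vuln_id"].append(ref)
        if any(k in lower for k in SECURITY_KEYWORDS):
            hits["issue_has_security_keywords"].append(ref)
    return hits

if __name__ == "__main__":
    print(apply_rules("example-jira", "Fix EXMPL-42: sanitize input", "CVE-2021-XXXXX"))
    print(apply_rules("example-github", "Merge #17 and #18", "CVE-2021-XXXXX"))
```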