csaf_distribution
Tools to download or provide CSAF (Common Security Advisory Framework) documents.
* change generate_cvss_enums.go to note that the input file is relevant for the license.
* change license and copyright of cvss20enums.go and cvss3enums.go to BSD-3-Clause and FIRST.
* add reuse.software...
To facilitate more usage of CSAF, how would a Go library have to be constructed to be able to help implementors to access the contents of the advisories?
### potential...
If it is attempted to get the `provider-metadata.json` from `https://csaf.data.security."` because the previous attempts from other locations failed, all error messages from the previous attempts are dropped. The issue is...
As mentioned in https://github.com/csaf-poc/csaf_distribution/issues/367, we are currently trying to integrate this repository into our Clouditor open-source cloud security solution (see https://github.com/clouditor/clouditor/issues/1414 for more information). Basically, we could make use of...
Looking at e.g. https://github.com/csaf-poc/csaf_distribution/blob/main/csaf/generate_cvss_enums.go, this will generate another file using the MIT License. Should generated files also use the Apache2.0 License and should this be changed as a part of...
A domain can have several provider-metadata.json (PMD) files (which each in turn can have several directory and ROLIE feeds). To expose the discovery part of downloading, to be used by...
Using structured logging as introduced with #530 is an advantage but removing `--verbose` may be considered an API change and thus would trigger a major release (e.g. 4), maybe changing...
## What
Fix: don't drop error messages from loading provider-metadata.json
Additionally removed the duplicate check of provider metadata candidates retrieved from `security.txt`.
## Why
Previously in case of trying last...
Currently, the `csaf_checker` does not report if one of the fields in a `changes.csv` is not quoted. Can we change that to report this violation?