-
I'm not sure what the issue is, but fetching the CSAF entries from Microsoft fails in a weird way: [downloader.log](https://github.com/user-attachments/files/17816521/downloader.log)
```
{"time":"…
-
Both Flags ( -n , --nostore ) are not working. Help-Menu or Implementation is currently wrong.
Examples:
```
csaf_downloader.exe -n www.siemens.com
unknown flag `n'
2023/09/08 13:40:33 error:…
-
During implementation of https://github.com/csaf-poc/csaf_distribution/, especially the checker, aggregator and downloader part, our team at Intevation found that CSAF standard and tool implementors c…
-
The configuration options as defined in https://github.com/gocsaf/csaf/blob/main/cmd/csaf_downloader/config.go are not reflected correctly in the downloader docs (which e.g. lists the --log_level flag…
-
It seems that some providers, e.g. RedHat do some rate limiting and also limit concurrent connections.
-
Using csaf_distribution-v2.1.0-gnulinux-amd64: when downloading from redhat.com
the signatures do not verify.
```bash
curl -L -O https://github.com/csaf-poc/csaf_distribution/releases/download/v2…
-
Currently ("version": "2.1.1-100-g540d02d"), the `csaf_checker` validates CSAF (trusted) providers even if the `distributions` array is missing in the PMD. However, in that case the the requirements 1…
-
### Current Behavior
Some commercial software vendors provide advisory information in CSAF 2.0 format. These include RedHat and Oracle, among others. There isn't currently a good way to identify vu…
-
Currently, we need to find a valid PMD to run the checks. However, that does not help the user, if he made a mistake in creating the PMD. We should provide more insights (JSON parse, JSON schema valid…
-
The `csaf_checker` fails on `tibco.com` and `www.tibco.com`, but they provide a PMD at `https://www.tibco.com/.well-known/csaf/provider-metadata.json`. We need to investigate why.