-
In version 1.2 (http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html#_Toc493508771)
Section 6.11.1
It indicates that "Date" is an attribute, however in examples 61 and 62,…
-
Hi @rjb4standards,
here is rough draft, how an SBOM VDR could look like in CSAF:
```JSON
{
"document": {
"category": "sbom_vdr",
"csaf_version": "2.0",
"publisher": {
"ca…
-
Quick remarks
* The docker build failed for me .. had invested no time to debug it further,
* The manual build fails, too. I had to patch `build.gradle` o make it work.
```
diff --git a/build…
-
Hello TC,
In the course of integrating a CSAF trusted provider into the [Juice Shop](https://github.com/juice-shop/juice-shop/issues/2198), I encountered a reference to cryptographic material, `pub…
-
Currently, the `csaf_checker` accepts HTTP header redirects when checking for [requirement 9](https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#719-requirement-9-well-known-url-for-provi…
-
The TC received a [comment via its mailing list](https://lists.oasis-open.org/archives/csaf-comment/202402/msg00004.html):
> When considering how to reference SBOMs within CSAF documents, the quest…
-
From today's SPWG meeting, the current CVE JSON format (unsurprisingly) almost implements VEX, as defined here:
https://www.cisa.gov/sites/default/files/2023-04/minimum-requirements-for-vex-508c.pd…
-
The involvements section https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#3237-vulnerabilities-property---involvements seems unclear to me about how you would identify the name of the vendo…
-
"product_id" defined in CSAF 2.0 is local within the document (as same as CVRF).
"product_id" defined in CSAF 2.0 can be unique and referenced outside CSAF document. This will help many stakeholder…
-
# What did you do? (required. The issue will be **closed** when not provided.)
I ran vuls on redhat 8.6 with curl 7.61.1-22.el8_6.4 installed
# What did you expect to happen?
I expected to get 0:…