-
Make sure that prerequisites for building a current version are documented
consistently. They seem to be scattered and partly within scripts and partly in text.
One way would be to follow the exam…
-
In the models section, always include the regular expression where matching is required.
(sometimes you had "must be less than x characters long", sometimes you listed some of the items (like with th…
-
At the document level there is a Publisher sub-item. There are some use cases where a publisher does not write an advisory for all customers, but rather publishes it for each one with appropriate addi…
-
E.g. [android-chrome-192x192.png](https://github.com/csaf-poc/csaf_webview/blob/main/static/android-chrome-192x192.png) does not have a proper license. [android-chrome-192x192.png.license](https://git…
-
2.0 Committee Specification Draft 02 has
> 7.1.23 Requirement 23: Mirror
```json
"aggregator": {
"category": "aggregator",
```
to be more consistent renaming the category to `mirro…
-
I would like to propose adding a signature / pubkey field to the csaf_2.0/json_schema to provide non-repudiation and some level of integrity verification of the claim.
This way it will allow assur…
-
Why do we use an AJV with `strict=false` for the schema validation? Shouldn't the `strict_schema` be checked with the strict option?
@domachine: Something to discuss in the meeting.
-
Running Trustify locally in _PM Mode_
Trying to upload the _[ds1 CSAF Vex files for 2023](https://github.com/trustification/trustification/tree/main/data/ds1/csaf/file%253A%252F%252F%252F/2023)_
S…
-
### What is the URL of the page with the issue?
https://pkg.go.dev/about#adding-a-package
### What is your user agent?
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)…
-
In https://github.com/trustification/trustify/commit/d8ca36d6a5af74b307c4087a4d4a99652a5c2058
`/api/v1/vulnerability/{id}` now includes advisories and their statuses/packages.
```
{
"cwe": "…