-
As decided in the TC meeting on 2023-01-25, a written submission request is a requirement per OASIS liaison process.
-
To allow for easier testing, we should evaluate the test coverage of the code, find a way to automate it and raise it to at least 75% if necessary.
-
`date` fields inside a secvisogram document require the RFC3999 format.
When an incorrect string is entered the JSON-Editor displays a warning, but the document is still considered valid.
-
Hi,
the SUSE CVRF files contain cvss2 and cvss3 scores.
[cvrf-opensuse-su-2015:0225-1.xml](https://ftp.suse.com/pub/projects/security/cvrf1.2/cvrf-opensuse-su-2015:0225-1.xml)
```xml
…
```
-
There is an expectation when someone selects "under_investigation" that someone is actively investigating the issue (including the vendor). That is not necessarily true. In some cases, vendors will no…
-
Sometimes (e.g. for VEX) it is useful to link to a dedicated component in an SBOM instead of just pointing to the final product.
When using the `product_identification_helper` CSAF provides, you ca…
-
```
2024-09-17T15:31:14.737291Z ERROR trustify_module_fundamental::error: Query Error: error returned from database: cannot start subtransactions during a parallel operation
2024-09-17T15:31:14.…
```
-
Hi,
the `product` in CSAF might only be a library. Therefore, I feel it should be named `component`, which is more generic.
As `product` is used a lot, a renaming might not be (easily) possibl…
-
Not sure this is a bug but surely I'd like to understand how to read it.
- Upload this advisory [rhsa-2024-2705.json](https://github.com/user-attachments/files/16286777/rhsa-2024-2705.json)
- Up…
-
The following comment was received during the public review phase from @sparrell at https://lists.oasis-open.org/archives/csaf/202109/msg00000.html
> I’m passing on comments made at an NTIA SBOM meeting ye…