-
### Description
CSAF, or Common Security Advisory Framework, is a standardized format for documenting and sharing security advisories and vulnerabilities in an automated way. It provides a structured…
-
It looks like no files are checked if the `csaf_checker` should investigate the current year only.
Steps to reproduce:
Use the `csaf_checker` on a valid CSAF trusted provider with the option `-t 2…
-
A CDN provider suggested publishing a short article / best practice / guidance document on what CSAF providers need to think about when they use a CDN for distribution. Here are the suggestions:
- …
-
Currently, the Checker only checks whether Requirements 11-14 (directory listing based distribution) or 15-17 (ROLIE feed based distribution) are successful when evaluating a trusted provider's success…
-
Currently we implemented CSAF as a trusted provider.
The [description for csaf providers](https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html#722-role-csaf-provider) states:
`satisfie…
-
We could add an option to the `csaf_checker` and `csaf_downloader` to work with API keys transported as HTTP header.
-
### Use case
There are CSAF Publishers, which do not qualify as Providers. Nevertheless, they provide valuable information.
The admin of an aggregator therefore wants to collect the advisories fro…
-
For a correct CSAF Trusted Provider, only one method of providing several things is needed.
It would be nice to have an option to only publish as ROLIE and to have this option being activated by de…
-
We already have some new tools available. They are still work in progress but already usable:
- [CSAF trusted provider](https://github.com/csaf-poc/csaf_distribution) => csaf_provider + csaf_uploader…
-
The value of `role` in `provider-metadata.json` should be `csaf_trusted_provider` by default.