-
We [currently support](https://docs.chainloop.dev/reference/operator/contract#material-schema) CSAF_VEX. This task aims to add support for [other profiles](https://docs.oasis-open.org/csaf/csaf/v2.0/c…
-
### Description
CSAF, or Common Security Advisory Framework, is a standardized format for documenting and sharing security advisories and vulnerabilities in an automated way. It provides a structured…
-
On a few code platforms, only one License is shown. This makes sense if the License can be displayed that is the one where all code parts under different licenses are combined and compatible.
For e…
-
To make debugging easier we should show some build information in the client. Therefore, we want to show a build number of the client (#19) and the backend (#20) in the client. One possible place to d…
-
In the aggregator schema, we have a typo:
https://github.com/oasis-tcs/csaf/blob/5757eeb192f30dbf1752d15365e335c3408ce4df/csaf_2.0/json_schema/aggregator_json_schema.json#L178
lists `mirror` as …
-
* [x] change files new with isduba to `SPDX-License-Identifier: Apache-2.0`
* [x] licensing section on the front page, much like the csaf_distribution section, but give the copyright holder.
* …
-
Normally we'd chat about this in a monthly meeting but since I'm intending to cancel the one for December I figured I'd bring the discussion here.
The question is: What's on your cve-bin-tool wishl…
-
During the CSAF workshop one task was to use `csaf_checker` to download and validate CSAF documents. As we had multiple (more than 10) "domains", I was using the command like `csaf_checker dns1 dns2 d…
ctron updated
7 months ago
-
The Common Security Advisory Framework Version 2.0 is now an approved specification in the industry. Details about the specification can be found at: https://csaf.io and https://docs.oasis-open.org/cs…
-
Currently the time interval filtered downloads of advisories are using the publish date.
This should be replaced by using the last update time as this is a more recent and
better suited for delta do…