-
If I use `--version` on the `csaf_downloader` or `csaf_checker` (most likely also valid for other tools) it returns `0.0.0` but the `make` uses the correct one `go build -o bin-linux-amd64/ -ldflags …
-
PR #373 only checks the Requirements for the case the tested provider operates in ROLIE mode.
There has to be adjustments to do the same for e.g. index-based od dirlisting providers.
-
-
Requirement 6 reads:
Redirects SHOULD NOT be used. If they are inevitable only HTTP Header redirects are allowed.
Currently, we only allow HTTP Header redirects, but those cause the checker to fai…
-
Currently, the `csaf_checker` lists under requirement 2 only those filenames that do not conform the regex, e.g. `BSI-2022-0001`. However, it does not check whether it is correct based on the `/docume…
-
Currently we implemented CSAF as trusted provider.
The [description for csaf providers](https://docs.oasis-open.org/csaf/csaf/v2.0/cs03/csaf-v2.0-cs03.html#722-role-csaf-provider) states:
`satisfie…
-
While looking at issue #345 I ran into this
https://github.com/csaf-poc/csaf_distribution/actions/runs/4297499252/jobs/7490543962#step:4:320
@bernhardreiter Maybe an update of this test may hel…
-
https://github.com/csaf-poc/csaf_distribution/blob/1d0499ddeafe660fac747c2957ddf1f7d9812a6a/util/json.go#L113
looks suspicious. I would expect that the error should be returned here.
Self-assign…
-
Currently the checker issues at our side 3x success ("type": 0) for requirements 8, 9 and 10 with following messages:
"Performed no in-depth test of security.txt."
"Since no valid provider-metadat…
-
"version": "0.9.4-30-g0375e22",
If the provider-metadata.json is a non-valid json document, the following result is returned.
```
{
"num": 7,
"description": "provider-me…