-
The current version of `scores` doesn't reflect the relationship between the list of products and (CVSS-) scores correctly. I suggest the following changes:
- define an object which contains: "produ…
-
@tschmidtb51 suggests to revisit the CWE referencing in the CSAF. Should we allow place for the longer descriptions or should we stay with the CVRF v1.2 wa of clearly going for the CWE-ID matching the…
-
The schema should have an $id property.
"The $id property is a URI-reference that serves two purposes:
- It declares a unique identifier for the schema.
- It declares a base URI against which $ref…
-
The object "product_status" should have a least one property as stated in the specification of CVRF 1.2 (see CSAF-6.10-1).
-
The field "type" in items of the array "remediations" should be required as stated in the specification of CVRF 1.2 (see https://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html#…
-
The current version of the CSAF CVRF parser supports CVRF 1.2 (XML) only. It does not support the CSAF 2.0 JSON draft schema. This should be reflected in the README.md documentation.
-
https://www.suse.com/support/security/cvrf/
-
The fields "document":"tracking":"version" and "document":"tracking":"revision_history" are not listed as required in CSAF 2.0 (https://github.com/oasis-tcs/csaf/blob/master/sandbox/csaf_2.0/json_sche…
-
**Describe the bug**
There appears to be a significant number of advisories without version information. These advisories sometimes have linked bug pages with some affected versions on them, but this…
-
Looks like the CVSS information is not encoded using the recommended JSON format:
https://github.com/oasis-tcs/csaf/blob/2803752b3012bd7ad49f68acbc6cce0f78833835/sandbox/csaf_2.0/json_schema/csaf_jso…