-
I noticed a massive drop in performance when running the CSAF import process. I don't have numbers yet, but I'll investigate.
In the SQL logs I noticed a lot of "select then insert" patterns again.
ctron updated
2 weeks ago
-
```[tasklist]
### Tasks
- [x] Create Github Action to publish a CSAF document for specific vulnerabilities
- [x] Sign and hash CSAF documents
- [x] Add legal disclaimer to CSAF documents
- [x] Ad…
```
-
- I ran the Red Hat SBOM importers + the CSAF importers for at least 5 minutes
- Then I hit `GET /api/v1/package/b11f922a-6ab3-553f-b703-6fc65d0f1fe9` which corresponds to the package whose purl is `p…
-
The styling used in the upstream [csaf_webview](https://github.com/csaf-poc/csaf_webview/blob/0e584e5f989dd1f5b14ce033ae7ae68331708e3c/build/css/main.css) project was not integrated into ISDuBA. Becau…
-
reported by @mjherzog
We should add data in CSAF format from https://github.com/cisagov/CSAF
Note:
- there may be several devices we may not care for in these data
- https://github.com/oas…
-
Export the results of the vulnerabilities triage and processing as a CSAF VEX document
-
Trying to attest an OCI chart ends up discovering a `STRING` material type, but it should be `HELM_CHART` instead.
Running it in debug mode:
```
> cl att add --value ghcr.io/chainloop-dev/charts:l…
```
-
The instrumentation is there -> https://oasis-open.github.io/csaf-documentation/tools.html which comes with a downloader: https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.m…
-
We need to add a conformance target for a converter that takes CSAF 2.0 as input and converts it into CSAF 2.1. That also requires that we formulate all conversion rules for each change.
-
Like many, I was very excited to explore the 5.1 release with purported support for package url. But it turned out to be just a couple of string attributes `versionType` and `version`, that can be use…