-
Currently ("version": "2.1.1-100-g540d02d"), the `csaf_checker` validates CSAF (trusted) providers even if the `distributions` array is missing in the PMD. However, in that case the the requirements 1…
-
There are many organizations out there leading the way publishing CSAF documents, even serving in the role as Trusted Providers. Could we add a page to the website (https://oasis-open.github.io/csaf-d…
-
Hello TC,
In the course of integrating a CSAF trusted provider into the [Juice Shop](https://github.com/juice-shop/juice-shop/issues/2198), I encountered a reference to cryptographic material, `pub…
-
We should clarify whether we expect signatures to be in ASCII or binary format or both should be accepted. Therefore, we need to figure out whether it make a difference for implementers.
-
We should add some examples for the distribution part to show the different options.
-
The `csaf_checker` should evaluate the `role` from the `provider-metadata.json` to determine the overall result of the check.
@bernhardreiter: Please check whether that is in scope, otherwise label…
-
We need to improve the error message for requirement 18, if only one hash is found: Currently, it reports the other one as missing and labels that as an error. This applies only, if the missing hash w…
-
To allow for easier testing, we should evaluate the test coverage of the code, find a way to automate it and raise it to at least 75% if necessary.
-
The `csaf_checker` fails on `tibco.com` and `www.tibco.com`, but they provide a PMD at `https://www.tibco.com/.well-known/csaf/provider-metadata.json`. We need to investigate why.
-
- [ ] dataflow configurable sending and receiving
- [ ] git hooks
Related:
- https://github.com/intel/dffml/pull/1061#discussion_r819930461
- https://intel.github.io/dffml/main/examples/webhook/…