Nix-Security-WG / nix-security-tracker

Web service for managing information on vulnerabilities in software distributed through Nixpkgs

Search for particular CVEs #177

Open fricklerhandwerk opened 2 months ago

fricklerhandwerk commented 2 months ago

As a member of the security team or a package maintainer, I want to be able to search for a particular CVE.

Depends on:

erictapen commented 2 months ago

Thinking about this more, I'm not even sure we need a suggestion for CVEs, as my current understanding of the triage workflow is that the security team is only busy with working through all the new CVEs that are not marked yet.

So in the triage view, the primary concern would be to see a list of uncategorised CVEs that are assigned to a package one by one.

fricklerhandwerk commented 2 months ago

Indeed, for package maintainers we'd need the inverse view. Each package maintainer "knows" their packages, and they may want automatic suggestions for CVEs. Both the security team and package maintainers should be able to search back and forth though.