Open tschmidtb51 opened 2 years ago
Hello, thanks for reaching out. At first glance, this should be very easy to add, using only the existing functionality of Taranis NG.
First, the built-in template for a vulnerability report (a single item in a security advisory) might be modified to include exactly the fields that CSAF proposes (in TNG, the exact format of the report can be defined within the GUI, and TNG supports any number of multiple formats simultaneously). This would allow users to collect the data into appropriate fields. This would possibly mimic the functionality of Secvisogram. I can see the structure of your report is quite versatile, but we do have some degree of freedom in our templates too, so there might be a nice overlap.
Second, a presenter template must be made to export these data structures to JSON in CSAF format, as well as publish them into nice PDFs or HTML.
At the moment we are focusing on different features, but if you are willing to give it a try, I'd gladly help. Could you join our Slack using this Slack invite URL, so we can have a more straightforward chat?
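The mapping the reply above describes, from report-item fields to CSAF JSON, as an added example (not Taranis NG or Secvisogram code, and not written by either participant). The report field names, publisher values and tracking id are assumptions; the output uses the `csaf_base` profile, and the `csaf_security_advisory` profile additionally needs `product_tree` and a `product_status` per vulnerability.

```python
import json
import re
from datetime import datetime, timezone

CVE_RE = re.compile(r"^CVE-[0-9]{4}-[0-9]{4,}$")  # pattern the CSAF 2.0 schema uses for "cve"

def report_to_csaf(report, publisher, tracking_id, now=None):
    """Map one report item (hypothetical field names) to a CSAF 2.0 document."""
    missing = [k for k in ("title", "cve", "description") if not report.get(k)]
    if missing:
        raise ValueError(f"report item lacks fields: {missing}")
    if not CVE_RE.match(report["cve"]):
        raise ValueError(f"not a CVE id: {report['cve']!r}")
    # CSAF timestamps are RFC 3339 date-times; drop microseconds for stable output.
    stamp = (now or datetime.now(timezone.utc)).replace(microsecond=0).isoformat()
    return {
        "document": {  # every key below is required by the CSAF 2.0 schema
            "category": "csaf_base",
            "csaf_version": "2.0",
            "title": report["title"],
            "publisher": publisher,  # needs category, name, namespace
            "tracking": {
                "id": tracking_id,
                "status": "draft",  # exported for review, not yet released
                "version": "1",
                "initial_release_date": stamp,
                "current_release_date": stamp,
                "revision_history": [
                    {"number": "1", "date": stamp, "summary": "Initial export"}
                ],
            },
        },
        "vulnerabilities": [{
            "cve": report["cve"],
            "notes": [{"category": "description", "text": report["description"]}],
        }],
    }

# Constructed sample input; none of these values come from a real advisory.
SAMPLE_REPORT = {"title": "Example advisory", "cve": "CVE-2099-0001",
                 "description": "Constructed description text."}
SAMPLE_PUBLISHER = {"category": "coordinator", "name": "Example CERT",
                    "namespace": "https://cert.example"}

if __name__ == "__main__":
    doc = report_to_csaf(SAMPLE_REPORT, SAMPLE_PUBLISHER, "EXAMPLE-2099-0001")
    print(json.dumps(doc, indent=2))
```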
Dear colleagues, the Common Security Advisory Framework (CSAF) has been developed in an international effort to create a standard for machine-processable security advisories. @BSI-Bund has provided a first tool, Secvisogram, to create and view CSAF documents. They are currently working to extend that with a backend to create a CSAF content management system. Maybe that's something that can be integrated into Taranis-NG...
Feel free to reach out, if you're interested.