ZOSOpenTools / meta

Meta repository to tie together the various underlying z/OS Open Source tools repositories here
https://zosopentools.github.io/meta/
Apache License 2.0

Generate XML file for vulnerabilities RSS feed #794

Closed KeplerBoyce closed 2 weeks ago

KeplerBoyce commented 2 weeks ago

Generates an RSS XML file for package vulnerabilities alongside the vulnerabilities docs page.

This is what the XML file would look like if there were some vulnerabilities:

<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0">

<channel>
<title>z/OS Open Tools Vulnerabilities</title>
<link>https://zosopentools.org/#/Vulnerabilities</link>
<description>Vulnerabilities in z/OS Open Tools Packages</description>

<item>
<title>caddy (Build 2215) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=caddy</link>
<description>1 medium vulnerability</description>
<guid isPermaLink="false">caddy (Build 2215) - (STABLE)</guid>
</item>

<item>
<title>logrotate (Build 2172) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=logrotate</link>
<description>1 medium vulnerability</description>
<guid isPermaLink="false">logrotate (Build 2172) - (STABLE)</guid>
</item>

<item>
<title>grafana (Build 2267) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=grafana</link>
<description>1 high vulnerability</description>
<guid isPermaLink="false">grafana (Build 2267) - (STABLE)</guid>
</item>

<item>
<title>grafana (Build 2266) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=grafana</link>
<description>2 vulnerabilities (1 critical, 1 high)</description>
<guid isPermaLink="false">grafana (Build 2266) - (STABLE)</guid>
</item>

</channel>

</rss>

Each package release is a separate item and each item has a unique GUID, so I believe users should be notified whenever a new package release with vulnerabilities comes out and shouldn't get repeat notifications when the XML file gets updated.

Also, I'm not sure how users actually subscribe to RSS feeds. Do we need to add it to some feed directories, or can people subscribe to it themselves if we provide the URL to the XML file?
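The GUID reasoning above, as an added example that is not part of this pull request's code: it builds a feed shaped like the sample and models a reader that notifies once per GUID. The names `build_feed` and `unseen_items`, the build number 9999 and its summary are constructed for illustration, and the reader model is an assumption about how feed readers deduplicate.

```python
import xml.etree.ElementTree as ET

SITE = "https://zosopentools.org/#/Vulnerabilities"  # channel link from the sample feed

# Constructed sample data: (package, build, release line, summary).
FIRST_RUN = [
    ("caddy", 2215, "STABLE", "1 medium vulnerability"),
    ("grafana", 2267, "STABLE", "1 high vulnerability"),
]
# Build 9999 and its summary are made up to exercise escaping.
SECOND_RUN = FIRST_RUN + [("grafana", 9999, "STABLE", "1 high vulnerability in <b> & co")]


def build_feed(releases):
    """Render the releases as RSS 2.0 text shaped like the sample feed."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "z/OS Open Tools Vulnerabilities"
    ET.SubElement(channel, "link").text = SITE
    ET.SubElement(channel, "description").text = "Vulnerabilities in z/OS Open Tools Packages"
    for package, build, release_line, summary in releases:
        title = f"{package} (Build {build}) - ({release_line})"
        item = ET.SubElement(channel, "item")
        # ElementTree escapes &, < and > in text nodes, so scanner output
        # cannot break the document or inject markup into it.
        ET.SubElement(item, "title").text = title
        ET.SubElement(item, "link").text = f"{SITE}?id={package}"
        ET.SubElement(item, "description").text = summary
        # The GUID depends only on package, build and release line, so it
        # is identical every time the file is regenerated.
        ET.SubElement(item, "guid", isPermaLink="false").text = title
    return ET.tostring(rss, encoding="unicode")


def unseen_items(feed_xml, seen_guids):
    """Model of a reader: return titles whose GUID is new, and remember them."""
    fresh = []
    for item in ET.fromstring(feed_xml).iter("item"):
        guid = item.findtext("guid")
        if guid and guid not in seen_guids:
            seen_guids.add(guid)
            fresh.append(item.findtext("title"))
    return fresh


if __name__ == "__main__":
    seen = set()
    print(unseen_items(build_feed(FIRST_RUN), seen))   # both releases are new
    print(unseen_items(build_feed(SECOND_RUN), seen))  # only the added build
```

Because the GUID is the item title, a release whose vulnerability summary changes later keeps its GUID, so a reader modelled this way would not announce the change.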

IgorTodorovskiIBM commented 2 weeks ago

I use a browser plugin like this: https://chromewebstore.google.com/detail/rss-feed-reader/pnjaodmkngahhkoihejjehlcdlnohgmp . I just created a copy and it seems to work: https://raw.githubusercontent.com/IgorTodorovskiIBM/IgorTodorovski/main/feed.xml . Nice job!

I did notice that your branch is a bit outdated. You'll need to rebase or merge with main.

You can do a git fetch first, and then in your branch, you can do git rebase origin/main. And then you can do a git push --force.

v1gnesh commented 2 weeks ago

An accompanying blog post showing how to add RSS feeds to Outlook desktop app will be handy. Customers can do that. Individuals can use a feed reader such as Feedly, Newsblur, etc. It's not uncommon that browser extension maintainers are enticed by $, as companies want to buy the data they process :)

IgorTodorovskiIBM commented 2 weeks ago

Looks good, one last thing: can you add a link in the md file that points to the raw RSS xml file? That way users can click on it to get to the RSS feed