Closed puerco closed 1 year ago
When merging documents, any statements without any dates should inherit the document date. Currently, statements which don't have timestamps will be merged without dates, corrupting the VEX history.
Here is a sample merged doc:
{ "id": "vex-8a489e826e47a7a9bc8c4a7b37a2d8033360f06c29f65433d17794a881e2d735", "format": "text/vex", "author": "", "role": "", "timestamp": "2022-12-28T13:31:27.77315253-06:00", "statements": [ { "vulnerability": "CVE-1234-5678", "products": [ "pkg:apk/wolfi/git@2.39.0-r0?distro=wolfi", "pkg:apk/wolfi/git-daemon@2.39.0-r0?distro=wolfi", "pkg:apk/wolfi/git-email@2.39.0-r0?distro=wolfi" ], "status": "not_affected" } }
When merging documents, any statements without any dates should inherit the document date. Currently, statements which don't have timestamps will be merged without dates, corrupting the VEX history.
Here is a sample merged doc: