Closed h4b4n3r0 closed 1 year ago
This is related to #284
@tschmidtb51: For Requirements 16 and 17, those currently only define what the ROLIE service document and ROLIE category document are, but the standard does not specify where these files should be located and is a bit unclear on the specific structure.
Our implementation assumes the ROLIE service document is located next to the provider-metadata.json, and the ROLIE category document is located next to their respective ROLIE feed document.
The tests are designed to work with documents designed like Example 131 and 134 respectively.
It may be beneficial to amend the standard with these informations.
Currently we implemented CSAF as trusted provider. The description for csaf providers states:
satisfies the requirements 11 to 14 in section 7.1 or requirements 15 to 17 in section 7.1
We implemented the requirements 15-17. However, the checker warns(12, 13) and errors (11, 14) about issues with requirements 11-14.The checker itself should be able to determine which ruleset is followed.