csaf-poc / csaf_webview

Web app (module) to display a CSAF 2 document and to browse CSAF 2 ROLIE feeds. ⚠️ The web demo is often not allowed to access servers:
https://csaf-poc.github.io/csaf_webview/

Add table to simplify result #8

Closed tschmidtb51 closed 8 months ago

tschmidtb51 commented 11 months ago

CSAF files can be quite complex. We should introduce as much help to the reader as we can. A table should be created to show the results:

Example given for 6 products and 3 vulnerabilities:

| Product | Total result | CVE-2021-44228 | CVE-2021-45046 | CVE-2021-45105 |
|---|---|---|---|---|
| Product A | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Product B | :warning: | :heavy_check_mark: | :warning: | :warning: |
| Product C | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: | :heavy_multiplication_x: |
| Product D | :heavy_multiplication_x: | :heavy_check_mark: | :heavy_multiplication_x: | :warning: |
| Product E | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: |
| Product F | :heavy_minus_sign: | :heavy_minus_sign: :green_heart: | :heavy_minus_sign: | :heavy_minus_sign: :green_heart: |

Symbols could be:

- :heavy_check_mark: fixed
- :warning: under_investigation
- :heavy_multiplication_x: known affected
- :heavy_minus_sign: not affected
- :green_heart: recommended

ThomasJunk commented 10 months ago

A rough draft in the development branch is in this component.

The parser has to be made more robust and there are several questions we should address.

The result looks like this: [screenshot: overview]

More at a later point in time.

ThomasJunk commented 10 months ago

We talked (in our status meeting) about having the functionality of clickable links for CVEs and Products which link to the detailed view related parts of the document tree.

tschmidtb51 commented 10 months ago

> We talked (in our status meeting) about having the functionality of clickable links for CVEs and Products which link to the detailed view related parts of the document tree.

Just to clarify: "document tree" => "CSAF document"

tschmidtb51 commented 10 months ago

The total result is computed as a kind of maximum function where:

not affected < fixed < under_investigation < affected

tschmidtb51 commented 10 months ago

The recommended computation needs to be discussed:

  1. Min function: If it is set anywhere => set in total (this might be counter-intuitive)
  2. Sum function: The number of times it is set => number of times it appears in total
  3. Max function: Only set if status applies for all vulnerabilities (might never be set)

Thoughts?
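To make the two proposals above concrete (the "maximum over the ordering" rule for the total result, and the three candidate rules for `recommended`), here is an added JavaScript example. It is not code from csaf_webview; the mapping of CSAF `product_status` groups onto the four table states is an assumption made for the example, and the sample vulnerabilities are constructed to reproduce the six-product table from the first comment.

```javascript
// Ordering proposed in the thread: not affected < fixed < under_investigation < affected.
const RANK = { not_affected: 0, fixed: 1, under_investigation: 2, affected: 3 };

// Assumed mapping of CSAF product_status groups onto the four table states.
const GROUP_STATE = {
  known_not_affected: "not_affected",
  fixed: "fixed", first_fixed: "fixed",
  under_investigation: "under_investigation",
  known_affected: "affected", first_affected: "affected", last_affected: "affected",
};

// Build { productId: { cve: { state, recommended } } } from CSAF /vulnerabilities[].
// A product listed in several groups for one CVE keeps the worst state.
function buildMatrix(vulnerabilities) {
  const matrix = {};
  for (const vuln of vulnerabilities) {
    for (const [group, products] of Object.entries(vuln.product_status || {})) {
      for (const pid of products) {
        const row = (matrix[pid] ??= {});
        const cell = (row[vuln.cve] ??= { state: "not_affected", recommended: false });
        if (group === "recommended") cell.recommended = true; // flag, not a state
        else if (GROUP_STATE[group] && RANK[GROUP_STATE[group]] > RANK[cell.state]) cell.state = GROUP_STATE[group];
      }
    }
  }
  return matrix;
}

// Total result per product: maximum over RANK; "recommended" via the three proposals
// ("any" = option 1 min, "count" = option 2 sum, "all" = option 3 max).
function totalResult(row, mode = "all") {
  const cells = Object.values(row);
  const state = cells.reduce((w, c) => (RANK[c.state] > RANK[w] ? c.state : w), "not_affected");
  const n = cells.filter((c) => c.recommended).length;
  const recommended = { any: n > 0, count: n, all: n === cells.length }[mode];
  return { state, recommended };
}

// Constructed sample reproducing the six-product example from the issue (not a real CSAF file).
const SAMPLE = [
  { cve: "CVE-2021-44228", product_status: { fixed: ["A", "B", "D"], known_affected: ["C"],
    known_not_affected: ["E", "F"], recommended: ["F"] } },
  { cve: "CVE-2021-45046", product_status: { fixed: ["A"], under_investigation: ["B"],
    known_affected: ["C", "D"], known_not_affected: ["E", "F"] } },
  { cve: "CVE-2021-45105", product_status: { fixed: ["A"], under_investigation: ["B", "D"],
    known_affected: ["C"], known_not_affected: ["E", "F"], recommended: ["F"] } },
];

const matrix = buildMatrix(SAMPLE);
for (const pid of Object.keys(matrix).sort()) console.log(pid, totalResult(matrix[pid], "count"));
```

Running it prints one total per product; switching the mode argument shows how product F's total differs under the three `recommended` proposals.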

ThomasJunk commented 10 months ago

From a naive point of view I would expect solution (3) max - reading "fully recommended".

ThomasJunk commented 8 months ago

I close here because the general requirement is met. Specifics should be part of specific issues.