Closed tschmidtb51 closed 8 months ago
A rough draft in the development branch is in this component.
The parser has to be made more robust and there are several questions we should address.
The result looks like this:
More at a later point in time.
We talked (in our status meeting) about having the functionality of clickable links for CVEs and Products which link to the detailed view related parts of the document tree.
Just to clarify: "document tree" => "CSAF document"
The total result is computed as a kind of maximum function where:
not affected < fixed < under_investigation < affected
The recommended computation needs to be discussed:

1. Min function: If it is set anywhere => set in total (this might be counter-intuitive)
2. Sum function: The number of times it is set => number of times it appears in total
3. Max function: Only set if status applies for all vulnerabilities (might never be set)

Thoughts?
From a naive point of view I would expect solution (3) max - reading "fully recommended".
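The aggregation discussed above, as an added example that is not part of the thread or the project's code: it computes the per-product total status with the stated ordering and all three candidate results for recommended side by side. The function names and the sample matrix are constructed, and skipping a vulnerability that does not list the product (status `None`) is an assumption.

```python
# Added example; names and data are constructed, not taken from the project.
# Ordering from the thread: not affected < fixed < under_investigation < affected
ORDER = ["not affected", "fixed", "under_investigation", "affected"]
RANK = {status: i for i, status in enumerate(ORDER)}

# Constructed sample: 6 products x 3 vulnerabilities.
# Each cell is (status, recommended); status None = product not listed there.
SAMPLE = {
    "product-1": [("fixed", True), ("fixed", True), ("not affected", False)],
    "product-2": [("affected", False), ("fixed", True), ("fixed", True)],
    "product-3": [("not affected", False)] * 3,
    "product-4": [("under_investigation", False), ("fixed", False),
                  ("not affected", False)],
    "product-5": [("fixed", True)] * 3,
    "product-6": [(None, False), ("fixed", True), (None, False)],
}

def total_status(statuses):
    """Highest-ranked status; None if the product has no status at all.
    An unknown status string raises KeyError instead of being ranked silently."""
    known = [s for s in statuses if s is not None]
    return max(known, key=RANK.__getitem__) if known else None

def recommended_total(flags):
    """The three candidates, keyed by the names used in the thread."""
    flags = list(flags)
    return {
        "min": any(flags),                  # (1) set anywhere => set in total
        "sum": sum(flags),                  # (2) number of times it is set
        "max": bool(flags) and all(flags),  # (3) set for every vulnerability
    }

def summarize(matrix):
    """Return {product: (total status, recommended candidates)}."""
    result = {}
    for product, cells in matrix.items():
        # Assumption: only vulnerabilities that list the product count.
        listed = [(s, r) for s, r in cells if s is not None]
        result[product] = (
            total_status(s for s, _ in listed),
            recommended_total(r for _, r in listed),
        )
    return result

if __name__ == "__main__":
    for product, (total, rec) in summarize(SAMPLE).items():
        print(f"{product}: total={total} recommended={rec}")
```
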
I close here because the general requirement is met. Specifics should be part of specific issues.
CSAF files can be quite complex. We should introduce as much help to the reader as we can. A table should be created to show the results:
Example given for 6 products and 3 vulnerabilities:
Symbols could be:
- :heavy_check_mark: fixed
- :warning: under_investigation
- :heavy_multiplication_x: known affected
- :heavy_minus_sign: not affected
- :green_heart: recommended