If you use the tool several times for the same input files with the same configuration and the same options, the output files should be identical, except for the generation date, which of course differs.
This is currently not the case for the affected product IDs, which are enriched when none are otherwise given.
If you use the tool several times for the same input files with the same configuration and the same options, the output files should be identical, except for the generation date, which of course differs.
This is currently not the case for the affected product IDs, which are enriched when none are otherwise given.
The culprit is this snippet: https://github.com/csaf-tools/CVRF-CSAF-Converter/blob/f094d91403ec804ab2a7a561fd3b89b6ee60d097/cvrf2csaf/section_handlers/vulnerability.py#L138-L146