cgi1
commented
2 years ago Added special case from 9.1.5 Conformance Clause 5: CVRF CSAF converter
Closed sustefil closed 2 years ago
cgi1
commented
2 years ago Added special case from 9.1.5 Conformance Clause 5: CVRF CSAF converter
cgi1
commented
2 years ago added newly/changed elements from 1.2 -> 2.0 spec.
Part of EPIC #10
CVRF 1.1 view
changed 1.2 -> 2.0 spec
E.1 Newly introduced elements
/product_tree/*/product/product_identification_helper: Provides at least one method which aids in identifying the product in an asset database. It was introduced to group different ways to identify a product//product_tree/*/product/product_identification_helper/hashes: Contains a list of cryptographic hashes usable to identify files./product_tree/*/product/product_identification_helper/purl: The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification./product_tree/*/product/product_identification_helper/sbom_urls: Contains a list of URLs where SBOMs for this product can be retrieved./product_tree/*/product/product_identification_helper/serial_numbers: Contains a list of parts, or full serial numbers./product_tree/*/product/product_identification_helper/skus: Contains a list of parts, or full stock keeping units./product_tree/*/product/product_identification_helper/x_generic_uris: Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.E.2 Changed elements
Around 130 element changes are documented -->
/cvrf:cvrfdoc/prod:ProductTreeField definitions
3.2.2 Product Tree Property
/product_tree/relationships[]: If more than oneprod:FullProductNameinstance is given, the CVRF CSAF converter converts the first one into the full_product_name. In addition, the converter outputs a warning that information might be lost during conversion of product relationships. quoted here