search

dependabot / elixir-security-advisories

Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.
Other
151 stars 9 forks source link

Finalise advisory schema #1

Closed greysteil closed 6 years ago

greysteil commented 6 years ago

It will be a pain for integrators if we have to make changes to the advisory schema, so we should finalise it as early as possible.

I can't see any problems with the following, but am happy to hear from wiser minds who think I'm missing something:

Attribute Type Description
package String Name of the affected package.
disclosure_date Date Date the vulnerability was publicly disclosed (here or elsewhere).
cve String/Null (Optional) CVE assigned to the vulnerability.
link String Link to the original disclosure / more details.
title String Title of the vulnerability. This should be a (very) short description.
description String Description of the vulnerability.
patched_versions Array Array of Elixir requirement strings specifying patched versions.
unaffected_versions Array Array of Elixir requirement strings specifying unaffected versions.

Note: we can always add additional fields later.

greysteil commented 6 years ago

I will finalise the above on 1st May in the absence of any suggestions - no need to prolong uncertainty.

greysteil commented 6 years ago

Finalised!