Complete and add remote_validator_client

gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.

https://csaf.io

42 stars 25 forks source link

Complete and add remote_validator_client #258

Closed bernhardreiter closed 1 year ago

bernhardreiter commented 2 years ago

In branch https://github.com/csaf-poc/csaf_distribution/tree/remote_validator_client there is an experimental testing tool to ask a service like https://github.com/secvisogram/csaf-validator-service .

Would need some documentation, better command line options (like --version, long options) and displaying the diagnostic coming from the service, to make it part of the release.

s-l-teichmann commented 1 year ago

I gave this some thoughts:

To be more useful general, it would make sense to validate the local advisories against the JSON Schema, too. Given that it would be easier to the eye and more symmetrical to call the tool csaf_validator. The command line options to configure the remote validator can than also match the corresponding options in the the checker and the downloader.

PR #323 implements this.

bernhardreiter commented 1 year ago

We also need #326 as part of this issue.

s-l-teichmann commented 1 year ago

As #326 is solved by PR #327 this one should be done, too.