Closed enj closed 10 months ago
/lgtm
This has been a feature request that was made earlier here: https://github.com/kubernetes/sig-security/issues/97
We discussed this in the SIG Security call too today, and there were no concerns raised.
The only note I will make is that we need to add a status field as a next step in the CVE feed.
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: enj, PushkarJ
The official-cve-feed label is sufficient in filtering down to valid issues.

@kubernetes/security-response-committee @kubernetes/sig-security-pr-reviews @PushkarJ
For example, currently https://github.com/kubernetes/kubernetes/issues/121879 is open and published to MITRE but not included in the CVE feed, which seems like the wrong approach. We do not add the official-cve-feed label until we fill out the issue details, so I do not think there is any need to wait until the issue is closed before including it in the feed.