mrl5 / vulner

Discover CVEs for packages installed by the portage
Mozilla Public License 2.0

Create a JIRA layer #30

Open seemantk opened 2 years ago

seemantk commented 2 years ago

This is a Funtoo-specific request. It would be great if vulner could be the interface for security/cve bugs. The workflow I envision:

  1. run vulner --recursive --jira on the meta-repo
  2. for each CVE found: check if JIRA ticket exists. If not, create a new ticket
  3. link each ticket to the CVEs.
  4. When a JIRA ticket is closed with PR Merge, record the new -r revision

mrl5 commented 2 years ago

  1. run vulner --recursive --jira on the meta-repo

@seemantk did you mean vulner scan --recursive --jira?

seemantk commented 2 years ago

yes, thank you

On Fri, Mar 4, 2022 at 2:26 PM Jakub Kołodziejczak wrote:

  1. run vulner --recursive --jira on the meta-repo

@seemantk https://github.com/seemantk did you mean vulner scan --recursive --jira?


mrl5 commented 2 years ago

use cases:

  1. as a funtoo linux maintainer I'd like to have a tool that creates security vulnerability tickets in a standard way based on vulner scan findings

  2. as a funtoo linux user I'd like to know if there is already a jira ticket for cve reported in scan result

  3. as a funtoo linux user I'd like a CLI command that lists security vulnerability tickets that are not fixed

mrl5 commented 2 years ago

self-notes:

https://docs.atlassian.com/software/jira/docs/api/REST/9.2.0/#api/2/

mrl5 commented 2 years ago

still todo:

UC: as a funtoo linux maintainer I'd like to have a tool that creates security vulnerability tickets in a standard way based on vulner scan findings
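
The check-then-create flow from the opening comment (steps 1 to 3) and the first two use cases, as an added example that is not code from this thread or from vulner. The findings layout, the project key `SEC`, the issue type, the `security` label and the `search` callable are assumptions; the CVE ids and ticket key are constructed placeholders. The request body follows the Jira REST API v2 linked above.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
PROJECT = "SEC"  # hypothetical Jira project key

def jql_for(cve):
    """JQL that finds an existing ticket labelled with this CVE id."""
    if not CVE_RE.fullmatch(cve):
        # Scan output is untrusted input: never interpolate it into JQL unchecked.
        raise ValueError(f"not a CVE id: {cve!r}")
    return f'project = "{PROJECT}" AND labels = "{cve}"'

def issue_payload(cve, packages):
    """Request body for POST /rest/api/2/issue."""
    return {"fields": {
        "project": {"key": PROJECT},
        "issuetype": {"name": "Bug"},  # assumed issue type
        "summary": f"{cve}: {', '.join(packages)}",
        "description": "Affected packages:\n" + "\n".join(f"* {p}" for p in packages),
        "labels": ["security", cve],  # the CVE label is the dedup key
    }}

def plan(findings, search):
    """Group findings by CVE; return (payloads to create, {cve: existing ticket key})."""
    by_cve = {}
    for f in findings:
        by_cve.setdefault(f["cve"], []).append(f["package"])
    create, existing = [], {}
    for cve, pkgs in sorted(by_cve.items()):
        hits = search(jql_for(cve))  # in real use: GET /rest/api/2/search?jql=...
        if hits:
            existing[cve] = hits[0]  # ticket already filed, only report it
        else:
            create.append(issue_payload(cve, sorted(set(pkgs))))
    return create, existing

# Constructed sample data (not vulner's real output format).
FINDINGS = [
    {"package": "app-misc/foo-1.2.3", "cve": "CVE-0000-0001"},
    {"package": "app-misc/foo-bin-1.2.3", "cve": "CVE-0000-0001"},
    {"package": "dev-libs/bar-4.5", "cve": "CVE-0000-0002"},
]
TICKETS = {'project = "SEC" AND labels = "CVE-0000-0002"': ["SEC-101"]}

def fake_search(jql):
    """Offline stand-in for the Jira search call."""
    return TICKETS.get(jql, [])

if __name__ == "__main__":
    to_create, already = plan(FINDINGS, fake_search)
    print(already, [p["fields"]["summary"] for p in to_create])
```

Running the plan twice against an up-to-date ticket index creates nothing the second time, which is what keeps repeated scans from filing duplicates.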