OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
We have seen CSAF documents that have product_identification_helper that do not match the product described in branches, e.g. the version number is missing in a CPE or purl. We should add a mandatory (?) test to check for the low-hanging fruits.
We have seen CSAF documents that have
product_identification_helperthat do not match the product described inbranches, e.g. the version number is missing in aCPEorpurl. We should add a mandatory (?) test to check for the low-hanging fruits.