Closed carlosthe19916 closed 2 months ago
It looks like the reason for this is:
When no "vulnerability" is found, then a new one will be created, but without any information.
Digging into this issue the situation seems as follows:
So running the CSAF importer and the CVE importer is required. To my understanding, the order is not important.
IMO these are the problems:
So running the CSAF importer and the CVE importer is required
is true. Then I strongly believe we should rethink/reformulate the definition of a importer. An importer should be self sufficient. I feel that this is a broader discussion than the title of this issue and can be discussed separatelyI might be missing something but this is still an unsolved issue
Closing this in favor of https://github.com/trustification/trustify/issues/626
Similar to https://github.com/trustification/trustify/issues/280
For each Vulnerability obtained through
GET /api/v1/vulnerability
there should be metadata that help users to understand the context of each element. E.g. title, date published, date modified.