Implement the ProductTree group of sections #26

Closed
sustefil opened this issue Jan 12, 2022 · 2 comments · Fixed by #36
sustefil commented Jan 12, 2022

Part of EPIC #10

CVRF 1.1 view

grafik

changed 1.2 -> 2.0 spec

E.1 Newly introduced elements

  • /product_tree/*/product/product_identification_helper: Provides at least one method which aids in identifying the product in an asset database. It was introduced to group different ways to identify a product.
  • /product_tree/*/product/product_identification_helper/hashes: Contains a list of cryptographic hashes usable to identify files.
  • /product_tree/*/product/product_identification_helper/purl: The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.
  • /product_tree/*/product/product_identification_helper/sbom_urls: Contains a list of URLs where SBOMs for this product can be retrieved.
  • /product_tree/*/product/product_identification_helper/serial_numbers: Contains a list of parts, or full serial numbers.
  • /product_tree/*/product/product_identification_helper/skus: Contains a list of parts, or full stock keeping units.
  • /product_tree/*/product/product_identification_helper/x_generic_uris: Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.

E.2 Changed elements

Around 130 element changes are documented --> /cvrf:cvrfdoc/prod:ProductTree

Field definitions

3.2.2 Product Tree Property

/product_tree/relationships[]: If more than one prod:FullProductName instance is given, the CVRF CSAF converter converts the first one into the full_product_name. In addition, the converter outputs a warning that information might be lost during conversion of product relationships. quoted here

@sustefil sustefil self-assigned this Jan 12, 2022
@sustefil sustefil added this to In progress in cvrf2csaf_poc_implementation Jan 12, 2022
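
The `/product_tree/relationships[]` rule quoted in the comment above, as an added Python sketch (not the project's own code and not written by the issue's participants). The function name, logger name, sample XML and the `RelationType`-to-`category` mapping are assumptions made for illustration.

```python
import logging
import xml.etree.ElementTree as ET

# CVRF 1.2 product-tree namespace.
PROD_NS = {"prod": "http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod"}
log = logging.getLogger("cvrf2csaf.example")  # hypothetical logger name

# Constructed sample: one Relationship carrying two FullProductName children.
SAMPLE = """
<prod:ProductTree xmlns:prod="http://docs.oasis-open.org/csaf/ns/csaf-cvrf/v1.2/prod">
  <prod:Relationship ProductReference="CVRFPID-0001" RelationType="Installed On"
                     RelatesToProductReference="CVRFPID-0002">
    <prod:FullProductName ProductID="CVRFPID-0003">Example App on Example OS 5</prod:FullProductName>
    <prod:FullProductName ProductID="CVRFPID-0004">Example App on Example OS 5 SP1</prod:FullProductName>
  </prod:Relationship>
</prod:ProductTree>
"""

def convert_relationships(product_tree):
    """Return (relationships, warnings) for a prod:ProductTree element."""
    relationships, warnings = [], []
    for rel in product_tree.findall("prod:Relationship", PROD_NS):
        names = rel.findall("prod:FullProductName", PROD_NS)
        if not names:
            # Choice made for this example: skip, because CSAF needs a full_product_name.
            warnings.append("Relationship without FullProductName skipped")
            continue
        if len(names) > 1:
            # Only the first FullProductName is converted; report the rest as lost.
            dropped = ", ".join(n.get("ProductID", "?") for n in names[1:])
            msg = f"Relationship keeps {names[0].get('ProductID')}; not converted: {dropped}"
            warnings.append(msg)
            log.warning(msg)
        first = names[0]
        relationships.append({
            # Assumed mapping: "Installed On" -> "installed_on", and so on.
            "category": rel.get("RelationType", "").lower().replace(" ", "_"),
            "product_reference": rel.get("ProductReference"),
            "relates_to_product_reference": rel.get("RelatesToProductReference"),
            "full_product_name": {
                "product_id": first.get("ProductID"),
                "name": (first.text or "").strip(),
            },
        })
    return relationships, warnings

if __name__ == "__main__":
    rels, warns = convert_relationships(ET.fromstring(SAMPLE.strip()))
    print(rels, warns, sep="\n")
```

Collecting the warnings alongside the converted data lets a reviewer see which product IDs did not make it into the CSAF output.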
cgi1 commented Jan 12, 2022

Added special case from 9.1.5 Conformance Clause 5: CVRF CSAF converter

@cgi1 cgi1 changed the title Implement the ProductTree section Implement the ProductTree group of sections Jan 12, 2022
cgi1 commented Jan 12, 2022

added newly/changed elements from 1.2 -> 2.0 spec.
