Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature request: add url to notes #623

Open
jaccoNCSCNL opened this issue May 22, 2023 · 3 comments
Open

feature request: add url to notes #623

jaccoNCSCNL opened this issue May 22, 2023 · 3 comments
Assignees
@tschmidtb51
Labels
csaf 2.x Maybe future tc-discussion-needed

Comments

@jaccoNCSCNL
Copy link

As a national CERT we often include (parts of) text from vendors in our generated CSAF documents. These texts are in the notes section of the vulnerability properties. In the references section we now have the link to the original advisory.
Currently it is not possible to connect the note to the reference. It would be nice to make that connection. This could be done either by a url field in the note, or via a construct similar to product_id i.e. a unique string per url which can be referenced in the notes section.
@tschmidtb51 tschmidtb51 self-assigned this May 23, 2023
@tschmidtb51
Copy link
Contributor

Thank you for the suggestion. The TC will discuss the suggestion.

@tschmidtb51
Copy link
Contributor

As discussed in today's TC meeting, here is an example, how this could look like:

      "notes": [
        {
          "category": "summary",
          "references": "CSAFRef-0001",
          "text": "Summarizing the text that should be in here. BTW: It was actually cited or taken from the original advisory linked in the references.",
          "title": "Vulnerability summary"
        }
      ],
      // ...
      "references": [
        {
          "category": "external",
          "id": "CSAFRef-0001",
          "summary": "A cool summary",
          "url": "https://example.com/an-advisory-url-I-want-to-cite"
        }
      ],

@jaccoNCSCNL
Copy link
Author

looks good. this will work for us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tschmidtb51 tschmidtb51

Labels
csaf 2.x Maybe future tc-discussion-needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tschmidtb51 @jaccoNCSCNL