Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A new Vulnerability Findings class #698

Merged
merged 7 commits into from
Aug 1, 2023
Merged

A new Vulnerability Findings class #698

merged 7 commits into from
Aug 1, 2023

Conversation

floydtree
Copy link
Contributor

@floydtree floydtree commented Jul 20, 2023
edited

Related Issue: #684

Description of changes:

  1. A new Vulnerability Finding class & related changes -
  2. Attribute additions/modifications -
    • added affected_packages
    • cvss is now an array
    • added package_manager
    • added purl
  3. Changing name of the base class to finding from findings to be consistent with other ocsf classes
  4. Adding constraints to the analytic object
  5. Adding title, desc, references to the cve object
  6. Description cleanup for finding object
  7. Added first_seen_time, last_seen_time to the vulnerability object

@floydtree
adding a base for the new vuln finding class
da5fbda 
Signed-off-by: Rajas <rajaspa@amazon.com>
@floydtree
updates to objects used by vuln findings
189bb04 
Signed-off-by: Rajas <rajaspa@amazon.com>
@floydtree
adding a new field, updating a couple of descriptions
7dc8024 
Signed-off-by: Rajas <rajaspa@amazon.com>
@floydtree floydtree added breaking Any breaking, non backwards compatible changes findings Issues related to Findings Category enhancement New feature or request labels Jul 20, 2023
@floydtree
adding missing group info to remediation attribute
6400689 
Signed-off-by: Rajas <rajaspa@amazon.com>
@floydtree
minor name correction of the base class
26004cf 
Signed-off-by: Rajas <rajaspa@amazon.com>
jasonbreimer
jasonbreimer reviewed Jul 25, 2023
View reviewed changes
objects/cve.json Outdated Show resolved Hide resolved
@floydtree
adding timestamps to the vulnerability object
f0dc232 
Signed-off-by: Rajas <rajaspa@amazon.com>
@floydtree floydtree changed the title A new Vulnerability Findings class - DRAFT A new Vulnerability Findings class Jul 27, 2023
@floydtree floydtree marked this pull request as ready for review July 27, 2023 18:39
@floydtree
Adding back title to the vulnerability object
50185de 
Signed-off-by: Rajas <rajaspa@amazon.com>
awhite456
awhite456 previously approved these changes Jul 27, 2023
View reviewed changes
Copy link
Contributor

@awhite456 awhite456 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, look forward to more finding types in the future

@jasonbreimer jasonbreimer mentioned this pull request Jul 31, 2023
Closed
Aniak5
Aniak5 approved these changes Aug 1, 2023
View reviewed changes
Copy link
Contributor

@Aniak5 Aniak5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@floydtree floydtree merged commit 0d57f90 into ocsf:main Aug 1, 2023
1 check passed
@floydtree floydtree deleted the dev branch August 1, 2023 15:26
This was referenced Aug 2, 2023
Closed
Merged
@jasonbreimer jasonbreimer mentioned this pull request Aug 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jp-harvey jp-harvey jp-harvey left review comments

@Aniak5 Aniak5 Aniak5 approved these changes

@jasonbreimer jasonbreimer jasonbreimer approved these changes

@irakledibm irakledibm irakledibm approved these changes

@awhite456 awhite456 awhite456 approved these changes

@jcburgo jcburgo Awaiting requested review from jcburgo

Assignees
No one assigned
Labels
breaking Any breaking, non backwards compatible changes enhancement New feature or request findings Issues related to Findings Category
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@floydtree @Aniak5 @jp-harvey @jasonbreimer @irakledibm @awhite456