CSAF Generation #141

Merged
merged 5 commits into from
Oct 15, 2023
cerrussell
Collaborator

@cerrussell cerrussell commented Oct 13, 2023

New feature - CSAF generation

  • Adds the option to output a CSAF document with vulnerability results.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Improvements to tracking, handling of revisions, formatting, downloading default csaf.toml

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Improved handling of references, dates, and cwes, creation of csaf.toml if not found.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Added docstrings to csaf.py, refined cvss_v3 for csaf

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Enhanced csaf, adding: reference summaries, logic for release dates, product tree import, removal of fields with no data

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Created csaf metadata and settings file, configured import and parsing, resolved validation issues

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Added more data to CSAF, created toml for user settings and metadata

Signed-off-by: Caroline Russell <caroline@appthreat.dev>
Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Fix Python compatibility issue by replacing match with if statements.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Test fix

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Write csaf.toml back out to update tracking.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Modify tests due to change in csaf.toml

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Fix regex errors

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

CSAF Tests

Signed-off-by: Caroline Russell <caroline@appthreat.dev>
Member

@prabhu prabhu left a comment

Wow! I am speechless! This looks so cool!

depscan/lib/csaf.py: 4 review threads (outdated, resolved)
Signed-off-by: Caroline Russell <caroline@appthreat.dev>
@cerrussell cerrussell force-pushed the feature/csaf branch 5 times, most recently from e3f41ef to ea1d418 Compare October 15, 2023 13:35
@cerrussell cerrussell linked an issue Oct 15, 2023 that may be closed by this pull request
@cerrussell cerrussell marked this pull request as ready for review October 15, 2023 18:08
depscan/cli.py: 2 review threads (resolved)
pyproject.toml: 1 review thread (outdated, resolved)
Minor fixes and date improvements.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Simplifications and improvements: reduced toml nesting, only reset IDs we generate, remove tomli and requests as dependencies

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Modify revisions per csaf spec, store csaf.toml string in csaf.py

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Add depscan version tracking to toml to enable backwards compatibility should toml options change, reformat documentation.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>
@cerrussell cerrussell merged commit afed790 into master Oct 15, 2023
71 checks passed
@cerrussell cerrussell deleted the feature/csaf branch October 15, 2023 22:35
saketjajoo pushed a commit that referenced this pull request Oct 16, 2023
Feat: CSAF Generation

* Preliminary CSAF generation

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Improvements to tracking, handling of revisions, formatting, downloading default csaf.toml

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Improved handling of references, dates, and cwes, creation of csaf.toml if not found.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Added docstrings to csaf.py, refined cvss_v3 for csaf

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Enhanced csaf, adding: reference summaries, logic for release dates, product tree import, removal of fields with no data

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Created csaf metadata and settings file, configured import and parsing, resolved validation issues

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Added more data to CSAF, created toml for user settings and metadata

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* CSAF improvements, accuracy, error handling

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Fix Python compatibility issue by replacing match with if statements.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Test fix

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Write csaf.toml back out to update tracking.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* CSAF Tests

Modify tests due to change in csaf.toml

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Fix regex errors

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

CSAF Tests

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Created CSAF Readme

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

* Toml, dates, revisions improvements

Minor fixes and date improvements.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Simplifications and improvements: reduced toml nesting, only reset IDs we generate, remove tomli and requests as dependencies

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Modify revisions per csaf spec, store csaf.toml string in csaf.py

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

Add depscan version tracking to toml to enable backwards compatibility should toml options change, reformat documentation.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>

---------

Signed-off-by: Caroline Russell <caroline@appthreat.dev>
Successfully merging this pull request may close these issues.

Consider support for CSAF