Generate XML file for vulnerabilities RSS feed

[KeplerBoyce]

Generates an RSS XML file for package vulnerabilities alongside the vulnerabilities docs page.

This is what the XML file would look like if there were some vulnerabilities:

<?xml version="1.0" encoding="UTF-8" ?>
<rss version="2.0">

<channel>
<title>z/OS Open Tools Vulnerabilities</title>
<link>https://zosopentools.org/#/Vulnerabilities</link>
<description>Vulnerabilities in z/OS Open Tools Packages</description>

<item>
<title>caddy (Build 2215) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=caddy</link>
<description>1 medium vulnerability</description>
<guid isPermaLink="false">caddy (Build 2215) - (STABLE)</guid>
</item>

<item>
<title>logrotate (Build 2172) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=logrotate</link>
<description>1 medium vulnerability</description>
<guid isPermaLink="false">logrotate (Build 2172) - (STABLE)</guid>
</item>

<item>
<title>grafana (Build 2267) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=grafana</link>
<description>1 high vulnerability</description>
<guid isPermaLink="false">grafana (Build 2267) - (STABLE)</guid>
</item>

<item>
<title>grafana (Build 2266) - (STABLE)</title>
<link>https://zosopentools.org/#/Vulnerabilities?id=grafana</link>
<description>2 vulnerabilities (1 critical, 1 high)</description>
<guid isPermaLink="false">grafana (Build 2266) - (STABLE)</guid>
</item>

</channel>

</rss>

Each package release is a separate item and each item has a unique GUID, so I believe users should be notified whenever a new package release with vulnerabilities comes out and shouldn't get repeat notifications when the XML file gets updated.

Also, I'm not sure how users actually subscribe to RSS feeds. Do we need to add it to some feed directories, or can people subscribe to it themselves if we provide the URL to the XML file?

[IgorTodorovskiIBM]

I use a browser plugin like this: https://chromewebstore.google.com/detail/rss-feed-reader/pnjaodmkngahhkoihejjehlcdlnohgmp . I just created a copy and it seems to work: https://raw.githubusercontent.com/IgorTodorovskiIBM/IgorTodorovski/main/feed.xml . Nice job!

I did notice that your branch is a bit oudated. You'll need to rebase or merge with main.

You can do a git fetch first, and then in your branch, you can do git rebase origin/main . And then you can do a git push --force.

[v1gnesh]

An accompanying blog post showing how to add RSS feeds to Outlook desktop app will be handy.
Customers can do that.
Individuals can use a feed reader such as Feedly, Newsblur, etc.
It's not uncommon that browser extension maintainers are enticed by $, as companies want to buy the data they process :)

[IgorTodorovskiIBM]

docupdate.sh was moved to on_nightly.sh. You can probably remove this file git rm cicd/docupdate.sh. and then add the relevant changes to https://github.com/ZOSOpenTools/meta/blob/main/cicd/on_nightly.sh#L16 and then commit it

[KeplerBoyce]

Ah my bad, I had forgotten about that

[IgorTodorovskiIBM]

Looks good, one last thing: can you add a link in the md file that points to the raw RSS xml file? That way users can click on it to get to the RSS feed

[IgorTodorovskiIBM]

LGTM, thanks!