Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSAF Compatability #24

Open
iainDe opened this issue May 9, 2022 · 3 comments
Open

CSAF Compatability #24

iainDe opened this issue May 9, 2022 · 3 comments
Assignees
@sei-vsarvepalli
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@iainDe
Copy link

iainDe commented May 9, 2022

Please expand the Common Security Advisory Framework (CSAF) format when generating notes and sharing the notes through the API
@sei-vsarvepalli
Copy link
Contributor

Hello @iainDe

Have you seen this case - #19 ?

Limited CSAF output via API is available, we are working with CSAF oasis group members @tschmidtb51 @santosomar to take this forward. The CSAF format is only available for the authenticated end points today with limited information as described in the ticket. You can use our demo site using your API Key to view it https://democert.org/vince/ and see how to get to it.

For e.g., The URL https://kb.cert.org/vince/comm/api/case/636397/csaf/ (using your API Key) will provide CSAF document for VU#636397 for example.

Currently we have some limitations as

  1. We don't collect product names and version in a compatible format from each vendor, so we can only use the Vendor Product and Version fields as specified by the researcher/reporter at the time of submitting a case.
  2. We have an update pending moving from generic_csaf will be renamed into csaf_base, still waiting on some review and some more small changes to match recent schema updates

@sei-vsarvepalli sei-vsarvepalli self-assigned this May 9, 2022
@sei-vsarvepalli sei-vsarvepalli added documentation Improvements or additions to documentation enhancement New feature or request labels May 9, 2022
@zmanion zmanion mentioned this issue May 26, 2022
Closed
@sei-vsarvepalli sei-vsarvepalli mentioned this issue Sep 16, 2022
Merged
@sei-vsarvepalli
Copy link
Contributor

#55 is a related recommendation and feedback we received from Oasis CSAF working group.

@z-priest z-priest mentioned this issue Nov 16, 2022
Closed
@sei-vsarvepalli
Copy link
Contributor

Related issues #96 and #97 - more improvements needs to support CSAF properly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sei-vsarvepalli sei-vsarvepalli

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sei-vsarvepalli @iainDe