Enable triage on package level (GLVD) #86

Open
1 task done
pnpavlov opened this issue Jul 11, 2024 · 0 comments
Labels
kind/epic Large multi-story topic

pnpavlov commented Jul 11, 2024

Epic: Enable triage on package level (GLVD)

Summary

As a Garden Linux maintainer, I would like to be able to triage vulnerabilities related to Garden Linux.

Requirements

  • The API design and implementation follow industry best practices like the Microsoft REST API Guidelines -> Azure REST API Guidelines, or at least the most essential sections covering HTTP Request / Response Pattern, HTTP Return Codes.
  • The API provides clear, up-to-date, developer-friendly documentation according to a common standard, like the OpenAPI Specification, which is served together with the API, for example over Swagger Open Source tools.
  • As of today, a single deployment is sufficient. It should always contain the latest version of the main branch.
  • NIST: Ingest all NIST metric versions, not only v3.

Definition of done

  • As a user, I can use a public HTTP endpoint that is serving a well-designed and versioned API and complete documentation for each allowed request. The preferred solution is to have an HTTP REST API that can serve me documentation, schema and real data.
  • The user can query for a published release and get the list of packages involved and their known vulnerabilities.

Limitations or not included in scope

  • This does not yet require a nice user interface; an HTTP API is sufficient.
  • This does not yet include knowledge about which packages are included in any given Garden Linux image; the user provides a list of package names and versions.

Tasks

Nov

pnpavlov added the kind/epic (Large multi-story topic) label Jul 11, 2024
pnpavlov changed the title from "Enable triage of already identified vulnerabilities on package level" to "Enable triage on package level (GLVD)" Oct 14, 2024