complete support for Bom.Vulnerabilities
#164
21 tasks
jkowalleck added a commit that referenced this issue Feb 2, 2023

* Added
  * New vulnerability-related enums were added in a new namespace `Enums.Vulnerability` ([#164] via [#419])
    _Release stage is “beta”._ These namespace and enums have been released to third-party developers experimentally for the purpose of collecting feedback. These enums should not be used in production, because their contracts may change without notice.
    * `AffectStatus`
    * `AnalysisJustification`
    * `AnalysisResponse`
    * `AnalysisState`
    * `RatingMethod`
    * `Severity`
  * New vulnerability-related models were added in a new namespace `Models.Vulnerability` ([#164] via [#419])
    _Release stage is “beta”._ These namespace and models have been released to third-party developers experimentally for the purpose of collecting feedback. These models should not be used in production, because their contracts may change without notice.
    _Attention_: The models are not yet supported by shipped serializers nor shipped normalizers.
    * `Advisory`, `AdvisoryRepository`
    * `Affect`, `AffectRepository`, `AffectedSingleVersion`, `AffectedVersionRange`, `AffectedVersionRepository`
    * `Analysis`
    * `Credits`
    * `Rating`, `RatingRepository`
    * `Reference`, `ReferenceRepository`
    * `Source`
    * `Vulnerability`, `VulnerabilityRepository`
  * New class `Models.OrganizationalEntityRepository` to represent a collection of `Models.OrganizationalEntity` (via [#419])
    Additionally, `Models.OrganizationalEntity.compare()` was implemented.
  * New types and related functionality for Common Weaknesses Enumerations (CWE) were added (via [#419])
    _Release stage is “beta”._ These types, functions and classes have been released to third-party developers experimentally for the purpose of collecting feedback. These types, functions and classes should not be used in production, because their contracts may change without notice.
    * type `Types.CWE`
    * runtime validation `Types.isCWE()`
    * class `Types.CweRepository`

---------

Signed-off-by: Peter Wagner <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Peter Wagner <[email protected]>
xmasoracle added a commit to xmasoracle/cyclonedx-javascript-library that referenced this issue Mar 16, 2023

…DX#164)
Signed-off-by: Xavier Maso <[email protected]>

xmasoracle added a commit to xmasoracle/cyclonedx-javascript-library that referenced this issue Mar 20, 2023

…DX#164)
Signed-off-by: Xavier Maso <[email protected]>

xmasoracle added a commit to xmasoracle/cyclonedx-javascript-library that referenced this issue Mar 20, 2023

…DX#164)
Signed-off-by: Xavier Maso <[email protected]>
This was referenced May 8, 2023
jkowalleck added a commit that referenced this issue May 9, 2023

* feat: `bom.vulnerabilities` JSON normalization/serialization (#164)
  Signed-off-by: Xavier Maso <[email protected]>
* Address straightforward PR comments
  Signed-off-by: Xavier Maso <[email protected]>
* Address comments on time-based properties
  Signed-off-by: Xavier Maso <[email protected]>
* Add `bom-ref` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Correct `references` of serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `ratings` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `cwes` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `advisories` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `credits` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `tools` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `analysis` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `properties` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Add `affects` to serialized `vulnerability`
  Signed-off-by: Xavier Maso <[email protected]>
* Refactor type names for `Normalized.Vulnerability.*`
  Signed-off-by: Xavier Maso <[email protected]>
* Discriminate `Vulnerability.bomRef`s
  Signed-off-by: Xavier Maso <[email protected]>
* cs-fix
  Signed-off-by: Jan Kowalleck <[email protected]>
* tests: fix expected
  Signed-off-by: Jan Kowalleck <[email protected]>

---------

Signed-off-by: Xavier Maso <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]>
checklist

* `bom.vulnerabilities` data models and enums #419
* `BomRef` discriminator must take `Vulnerabilities` into account. -- feat: base-serializer runs bomRefDiscrimination on vulnerabilities #721
  Maybe it should prefix autogenerated names with the data class name?
* `vulnerability` #726
* `bom.vulnerabilities` JSON normalization #548
* `VEX` & `VDR` to the keys in github and `package.json`
* --> implement XML normalization according to CycloneDX/specification/issues/154 #727
* `@beta` from models
* `README.md`
* `@beta` structures are non-breaking, still need documentation