glvd: implement minimum viable triage feature #127
Assignees
Milestone
Comments
fwilhe
added a commit
to gardenlinux/glvd-api
that referenced
this issue
Nov 14, 2024
fwilhe
added a commit
to gardenlinux/glvd-data-ingestion
that referenced
this issue
Nov 15, 2024
changes the view sourcepackagecve so that it always returns the full list of cves so the client can filter for resolved. This is maybe not great from a performance point of view, and it can be optimized later, but currently this seems to be what we need for the UI. Part of gardenlinux/glvd#127
fwilhe
added a commit
to gardenlinux/glvd-api
that referenced
this issue
Nov 15, 2024
Implements the following features: - Allow viewing both resolved and unresolved issues in cve by distribution list - Display of cve context in cve details Part of gardenlinux/glvd#127
|
related: gardenlinux/glvd-contrib@d815419 |
|
Related work: Add a wrapper script to run the triage more easily: |
|
Local test setup |
|
API to query cve details with context (triage information): gardenlinux/glvd-api#68 |
|
Setup minimal test data gardenlinux/glvd-api#69 |
|
Show triage info in a table, view more information like the distribution id gardenlinux/glvd-api#70 |
|
Better test setup for triage process gardenlinux/glvd-triage-cli#1 |
|
Show last modified and ingested date |
|
Closing as completed. We have a minimum triage feature, further development will be reflected in separate issues. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
for glvd, we need a way to set a state for cves that hides them from the default view
there are many old cves that are technically vulnerable, but in practice they are either fixed or not considered as an actual vulnerability.
we need some sort of triage feature. this requires changes to the database, and it requires some sort of writable api (so far our api is read-only on purpose to avoid having to deal with authn/authz)
The text was updated successfully, but these errors were encountered: