Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-1119

Post Support for adding binary package names to CSAF VEX files

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Major Major
    • CY25Q3
    • None
    • None
    • None
    • Post support for adding binary package names to CSAF VEX files for unpatched vulnerabilities
    • False
    • Hide

      None

      Show
      None
    • False
    • In Progress
    • 25% To Do, 13% In Progress, 63% Done
    • Very Likely
    • 0

      Title / Epic Summary
      This epic is to follow up different special components after migrating hardcoded mappings of components from SDEngine to OSIDB to make sure adding binary package names to CSAF VEX files completely.

      Outcome

      • All of the special components are handled and no new users' feedback.
      • Monitor the feedback from SECDATA-1097 and file new issue for the bug or reply in the comment if not a bug.
      • Fix the major/critical/blocker bugs and release in SDEngine.

      Acceptance Criteria

      • All of the special components are handled and verified by Tools/VM team.
      • The major/critical/blocker bugs were fixed and released in SDEngine prod.

      Details
      After migrating hardcoded mappings of components from SDEngine to OSIDB, there are some components need to be handled by tools/VM, also there will be new findings during testing.
      All of new findings will be created and managed in this Epic for the follow up.

      Relevant Stakeholders

      Impact Statement
      Without the handing, some VEX files would contain component names that are not real RPMs.

      Target Start Date
      CY25Q3

              chhan@redhat.com Chuntao Han
              yulwang@redhat.com Yuli Wang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: