-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE Feed: Include a timestamp field for each CVE indicating when it was last updated #63
Comments
@Dentrax: This issue is currently awaiting triage. SIG Docs takes a lead on issue triage for this website, but any Kubernetes member can accept issues by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/sig security |
The |
|
I can submit a PR for this if does it make sense overall. Where can I find the cve-feed-api source code? Any actions required in frontend? (i.e., adding new column for timestamp) |
https://www.k8s.dev/blog/2022/09/12/k8s-cve-feed-alpha/ outlines the implementation @Dentrax Given that this is relevant to #1, I will transfer this issue to that other repo: |
Once the upstream feed has this data, we may also want changes to k/website to make that last updated information available. For example, we could calculate an overall last-updated for the whole feed, and put that onto https://kubernetes.io/docs/reference/issues-security/official-cve-feed/ as text. |
This would be trivial to implement after this one is merged #75. |
/triage accepted |
I just added a commit to fix this in #75 (comment). |
Fixed by #76 via date_published field. Feel free to re-open if you think this needs more work to be resolved. /close |
@PushkarJ: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is a Feature Request
-
What would you like to be added
https://kubernetes.io/docs/reference/issues-security/official-cve-feed/index.json
lastUpdateTime
timestamp field in the root.timestamp
field to CVE entryWhy is this needed
In the current response, there is no
lastUpdateTime
field. So it's challenging to distinguish when the CVE Feed is actually updated or it's already up-to-date.I think
timestamp
field is also necessary to indicate when the CVE is added to the feed. There could be a time-window between CVE discover time versus CVE added to feed time.Alternative Solution:
Use RSS 2.0 standard instead for better scaling for further requirement needs.
Comments
-
cc @developer-guy
The text was updated successfully, but these errors were encountered: