You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have seen CSAF documents that have product_identification_helper that do not match the product described in branches, e.g. the version number is missing in a CPE or purl. We should add a mandatory (?) test to check for the low-hanging fruits.
The text was updated successfully, but these errors were encountered:
Thomas Schmidt moves to adopt the implementation of a mandatory test within the CSAF validation process to identify and flag discrepancies between the product_identification_helper and the product details specified in the branches section of CSAF documents. This test will focus on low-hanging issues, such as missing version numbers in Common Platform Enumeration (CPE) identifiers or Package URLs (purls). The motion was seconded by Sonny. The motion passed.
We have seen CSAF documents that have
product_identification_helper
that do not match the product described inbranches
, e.g. the version number is missing in aCPE
orpurl
. We should add a mandatory (?) test to check for the low-hanging fruits.The text was updated successfully, but these errors were encountered: