Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added initial support for vulnerability evidence #360

Closed
wants to merge 1 commit into from

Conversation

stevespringett
Copy link
Member

@stevespringett stevespringett commented Dec 29, 2023

Adds vulnerability evidence support.

  • JSON Schema
  • XML Schema
  • Protobuf
  • Test cases

Closes #333

"description": "The technique used in this method of analysis.",
"type": "string",
"enum": [
"source-code-analysis",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For most CVEs, the exact technique used by the researcher to identify the CVE would be unknown. In case of vulnerabilities reported in custom code (say using SAST/DAST), then the key data to capture are the rules, policies, queries that helped identify the vulnerability, and some version information for scanners and their engines.

@stevespringett stevespringett modified the milestones: 1.6, 1.7 Feb 22, 2024
Base automatically changed from 1.6-dev to master April 9, 2024 05:13
@stevespringett stevespringett deleted the 1.6-dev-vulnerability-evidence branch April 9, 2024 05:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Request: Evidence for Vulnerabilities
2 participants