docs: add vulnerability report verifier #35

Merged

akashsinghal
Collaborator

No description provided.

netlify bot commented Nov 20, 2023

Deploy Preview for ratify-dev ready!

| Name | Link |
|---|---|
| 🔨 Latest commit | c349acb |
| 🔍 Latest deploy log | https://app.netlify.com/sites/ratify-dev/deploys/6570bf8a5de5ab0009bef2f8 |
| 😎 Deploy Preview | https://deploy-preview-35--ratify-dev.netlify.app |

Collaborator

@FeynmanZhou FeynmanZhou left a comment

Thanks @akashsinghal. Please see my comments.


### Recording

[![asciicast](https://asciinema.org/a/622368.svg)](https://asciinema.org/a/622368)
Collaborator

There is a way to embed the player into the website page. Could you try it as follows?

```html
<script async id="asciicast-622368" src="https://asciinema.org/a/622368.js"></script>
```

Collaborator Author

Seems like this is nontrivial. I tried to change the file to mdx but I still cannot embed the script inside the file.

Collaborator

@susanshi susanshi left a comment

Doc looks great! Left some minor comments. Thanks!

docs/external plugins/Verifier/vulnerabilityreport.md (5 outdated, resolved review threads)
@akashsinghal akashsinghal self-assigned this Nov 29, 2023
| maximumAge | No | spec.parameters.maximumAge | The string formatted max age of report | "" |
| disallowedSeverities | No | spec.parameters.disallowedSeverities | String array of disallowed severities. Verification fails if ANY specified severity found. Most common severities: `low`, `medium`, `high`, `critical`, `unknown` | [] |
| denylistCVEs | No | spec.parameters.denylistCVEs | String array of CVE IDs. Verification fails if ANY specified CVE ID found. Find CVEs [here](https://nvd.nist.gov/vuln/search) | [] |
| passthrough | No | spec.parameters.passthrough | Bypasses all verification except for `maximumAge`. Report content in `report` field of verifier report | false |
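
Review bot: the `maximumAge` row describes the value only as "The string formatted max age of report" and never states the accepted format or unit, so a reader cannot write a valid value from this table; give one example value and say what the default `""` means for the age check. The `disallowedSeverities` and `denylistCVEs` rows list lowercase severities and CVE IDs but do not say whether matching is case-sensitive, which decides whether a report entry is caught by the policy. Since `passthrough` skips every check except `maximumAge`, that row should also point to the place where the bypass is explained.
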
Collaborator

Suggestion: mention the scenarios in which passthrough may be useful.

Collaborator Author

@susanshi I've added a section at the bottom called "Passthrough Mode". I feel specifying scenarios in the parameter table is too verbose.

susanshi previously approved these changes Dec 5, 2023
@akashsinghal akashsinghal merged commit 639424c into ratify-project:main Dec 6, 2023
4 checks passed