Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add reference documentation about Vulnerability Management #109 #212

Merged
merged 7 commits into from
Dec 19, 2024
Merged

Add reference documentation about Vulnerability Management #109 #212

merged 7 commits into from
Dec 19, 2024

Conversation

tdruez
Copy link
Contributor

@tdruez tdruez commented Dec 17, 2024
edited
Loading

@DennisClark
Copy link
Member

@tdruez Very impressive additions to the documentation, which is nicely comprehensive. I do not have any suggestions or corrections at this time.

@tdruez
Copy link
Contributor Author

tdruez commented Dec 18, 2024

@DennisClark In addition to the "Vulnerability Management" chapter, I've added a new How To about "Product Vulnerability Analysis".

Available at https://dejacode.readthedocs.io/en/109-vulnerability-documentation/howto-4-product-vulnerability-analysis.html for review. This should complete the #109 scope.

@DennisClark
Copy link
Member

@tdruez in Section 2 "Reviewing Vulnerabilities", the first sentence
The Product the Vulnerabilities tab provides a detailed row ...
should be
The Product Vulnerabilities tab provides a detailed row ...

@DennisClark
Copy link
Member

DennisClark commented Dec 18, 2024
edited
Loading

@tdruez Perhaps it would be nice to add the following "Note" at the end of the "3. Conducting Analysis" section:

The analysis details that you provide for a product package vulnerability are included in the "vulnerabilities" sections of CycloneDX VEX and SBOM+VEX documents when you share them from your products.

@DennisClark
Copy link
Member

@tdruez The new "How To" is very nice and comprehensive; I have no additional suggestions beyond the two comments above.

@tdruez
Add a note about the CycloneDX and CSAF exports #109
39ecb60 
Signed-off-by: tdruez <tdruez@nexb.com>
@tdruez tdruez merged commit 5bf991b into main Dec 19, 2024
3 checks passed
@tdruez tdruez deleted the 109-vulnerability-documentation branch December 19, 2024 05:05
@tdruez tdruez mentioned this pull request Dec 19, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tdruez @DennisClark