Generate list of all security tickets and associated CVEs as part of the release
(BUILD-887)
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Sub-task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Federico Grilli |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Template: |
|
| Date of First Response: | |
| Team: |
| Description |
|
Add an optional CVE field that can be defined on security issues. How should it work, though? Sometimes, the same CVE has multiple IDs. Sometimes, a library is affected by multiple CVEs. Sometimes CVEs are false positives or require extra commentary. Also, at which point of the process do we assign CVEs to issues? Who is responsible for this, who are the fallbacks? |
| Comments |
| Comment by Jan Haderka [ 23/Sep/22 ] |
|
fgrilli could we extend its use to SRE, CLOUD, MAGNOLIA and MGNLGQL projects too please? Those are the ones where we have currently open security tickets with CVE linked to them. Alternatively, if that is easier, we could just add it to all modules under Magnolia Community, Magnolia Enterprise, Magnolia Add-ons and Internal project categories. |