Generate list of all security tickets and associated CVEs as part of the release (BUILD-887)

[BUILD-892] Concept for CVE Jira field

Created: 10/Aug/22
Updated: 23/Sep/22
Resolved: 15/Aug/22

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Sub-task
Priority: Neutral
Reporter: Maxime Michel
Assignee: Federico Grilli
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Date of First Response:
Team: Foundation

 Description   

Add an optional CVE field that can be defined on security issues. How should it work, though? Sometimes, the same CVE has multiple IDs. Sometimes, a library is affected by multiple CVEs. Sometimes CVEs are false positives or require extra commentary.

Also, at which point of the process do we assign CVEs to issues? Who is responsible for this, who are the fallbacks?



 Comments   
Comment by Jan Haderka [ 23/Sep/22 ]

fgrilli, could we extend its use to the SRE, CLOUD, MAGNOLIA and MGNLGQL projects too, please? Those are the ones where we currently have open security tickets with CVEs linked to them. Alternatively, if that is easier, we could just add it to all modules under the Magnolia Community, Magnolia Enterprise, Magnolia Add-ons and Internal project categories.

Generated at Sun Feb 11 23:46:10 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.