Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track Potential Adoption of NPM Audit Resolve / Counterclaim / Assertions #20

Open
achrinza opened this issue Apr 28, 2022 · 0 comments
Open

Track Potential Adoption of NPM Audit Resolve / Counterclaim / Assertions #20

achrinza opened this issue Apr 28, 2022 · 0 comments
Labels
openjsf

Comments

@achrinza
Copy link
Member

achrinza commented Apr 28, 2022
edited
Loading

There's discussion in the Node.js ecosystem to create a standard file format to allow Node.js module authors to write a "counterclaim" against a vulnerability with one of its direct or nested dependency.

This is similar to CSAF 2.0 and CycloneDX VEX profiles, which allow software authors to similarly write about their evaluation on the practical impact of the vulnerability.

This issue is to keep track of these proposals.

The expected end-goal is to eventually adopt this file format alongside the CSAF 2.0 and CycloneDX VEX profiles.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
openjsf
Projects
LoopBack Common Project Board
Status: Icebox
Milestone
No milestone
Development

No branches or pull requests
1 participant
@achrinza