Hardware and Software #857

Open
wants to merge 14 commits into
base: editor-revision-2025-01-29
tschmidtb51
Contributor

- addresses parts of oasis-tcs#817
- add section about hardware/software separation with example
- add full describe rule
@tschmidtb51 tschmidtb51 added editor-revision already worked on in the editor revision csaf 2.1 csaf 2.1 work labels Jan 16, 2025
@tschmidtb51 tschmidtb51 requested a review from sthagen January 16, 2025 15:26
@tschmidtb51 tschmidtb51 self-assigned this Jan 16, 2025
@sthagen
Contributor

sthagen commented Jan 16, 2025

Failure seems to be unrelated to the schema:

Error: This request has been automatically failed because it uses a deprecated version of actions/upload-artifact: v3. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

Contributor

@sthagen sthagen left a comment

LGTM, nice work. Thanks.
Only some questions with proposals in case I understood the context correctly.

- addresses parts of oasis-tcs#817
- add optional test to detect potential mixing of hard- and software (6.2.31)
- add invalid example
- add valid examples
- addresses parts of oasis-tcs#817
- clarify the informative note about test failure
@tschmidtb51
Contributor Author

Failure seems to be unrelated to the schema:

Error: This request has been automatically failed because it uses a deprecated version of actions/upload-artifact: v3. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

Tracked as #858

tschmidtb51 and others added 9 commits January 16, 2025 19:10
- addresses parts of review comment of oasis-tcs#857
- state linking in vulnerability section as example
- addresses parts of review comment of oasis-tcs#857
- soften statement and link to CVE statistics
- addresses parts of review comment of oasis-tcs#857
- remove "prohibited" from informative paragraph
- addresses parts of oasis-tcs#817
- add optional test to detect multiple same PIH (6.2.32)
- add invalid examples
- add valid examples
- addresses parts of review comment of oasis-tcs#857
- remove merge artifact
- clarify text regarding matching
- addresses parts of oasis-tcs#817
- add invalid example
- update testcases
@tschmidtb51 tschmidtb51 marked this pull request as ready for review January 23, 2025 01:12
- addresses parts of oasis-tcs#817
- update testcase schema to add new test 6.2.32
@tschmidtb51 tschmidtb51 requested a review from sthagen January 23, 2025 01:39
Contributor

@sthagen sthagen left a comment

LGTM.

@justmurphy justmurphy left a comment

lgtm

@santosomar
Contributor

This pull request includes several changes to the CSAF 2.1 documentation and test files, focusing on the representation and validation of hardware and software within the product tree. The changes introduce new guidelines and tests to ensure correct identification and relationships between hardware and software products.

Documentation updates:

  • Added a new section in csaf_2.1/prose/edit/src/additional-conventions.md to specify that hardware and software parts of a product must be presented separately and combined through a relationship.
  • Updated csaf_2.1/prose/edit/src/schema-elements-01-defs-03-full-product-name.md to clarify that the product identification helper must identify the product entirely and cannot omit versions from the CPE if a product version is given in the branches hierarchy.
  • Added new test descriptions in csaf_2.1/prose/edit/src/tests-02-optional.md for verifying the existence of relationships referencing products with specific identification helpers and ensuring unique values for product identification helpers across different products.

Test file additions:

  • Added multiple JSON test files under csaf_2.1/test/validator/data/optional/ to provide examples of valid and invalid configurations for hardware and software relationships and the use of product identification helpers:
    • oasis_csaf_tc-csaf_2_1-2024-6-2-31-01.json
    • oasis_csaf_tc-csaf_2_1-2024-6-2-31-11.json
    • oasis_csaf_tc-csaf_2_1-2024-6-2-31-12.json
    • oasis_csaf_tc-csaf_2_1-2024-6-2-31-13.json
    • oasis_csaf_tc-csaf_2_1-2024-6-2-32-01.json
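
The two optional checks summarized above (6.2.31 and 6.2.32), sketched over a CSAF `product_tree` as an added example; this is not code from the pull request or from any CSAF validator. The choice of `model_numbers` and `serial_numbers` as hardware indicators, the exact-string comparison of helper values, and the sample data are assumptions made for illustration.

```python
# Added illustration; field names follow the CSAF product_tree schema.
from collections import defaultdict

HW_HELPERS = ("model_numbers", "serial_numbers")  # assumption: hardware indicators

def iter_products(tree):
    """Yield every full product name object in a CSAF product_tree."""
    yield from tree.get("full_product_names", [])
    stack = list(tree.get("branches", []))
    while stack:
        branch = stack.pop()
        stack.extend(branch.get("branches", []))
        if "product" in branch:
            yield branch["product"]
    yield from (rel["full_product_name"] for rel in tree.get("relationships", [])
                if "full_product_name" in rel)

def helper_values(product):
    """Yield (helper, value) pairs; structured helpers such as hashes are skipped."""
    for name, value in product.get("product_identification_helper", {}).items():
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, str):
                yield name, item

def shared_helpers(tree):
    """Map (helper, value) to the product IDs sharing it, if more than one (cf. 6.2.32)."""
    seen = defaultdict(set)
    for product in iter_products(tree):
        for key in helper_values(product):
            seen[key].add(product["product_id"])
    return {key: sorted(ids) for key, ids in seen.items() if len(ids) > 1}

def unlinked_hardware(tree):
    """Product IDs with a hardware helper that no relationship references (cf. 6.2.31)."""
    linked = {rel.get(key) for rel in tree.get("relationships", [])
              for key in ("product_reference", "relates_to_product_reference")}
    return sorted(p["product_id"] for p in iter_products(tree)
                  if p["product_id"] not in linked
                  and any(h in p.get("product_identification_helper", {}) for h in HW_HELPERS))

# Constructed sample: a device with no relationship, two firmware builds sharing one CPE.
CPE = "cpe:2.3:o:example:firmware:1.0:*:*:*:*:*:*:*"
SAMPLE = {"full_product_names": [
    {"product_id": "CSAFPID-0001", "name": "Example Device",
     "product_identification_helper": {"model_numbers": ["EX-100"]}},
    {"product_id": "CSAFPID-0002", "name": "Example Firmware 1.0",
     "product_identification_helper": {"cpe": CPE}},
    {"product_id": "CSAFPID-0003", "name": "Example Firmware 1.1",
     "product_identification_helper": {"cpe": CPE}},
], "relationships": []}
```

On the sample, `shared_helpers` reports the CPE reused by the two firmware products and `unlinked_hardware` reports the device; adding a relationship that references the device clears the second finding.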

Labels
csaf 2.1 csaf 2.1 work editor-revision already worked on in the editor revision
4 participants