mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
- Added.
commit
e7b074f4cd
55
CONTRIBUTING.md
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
# How to contribute
|
||||||
|
|
||||||
|
## Notes
|
||||||
|
|
||||||
|
1. Only members of the CVE Automation Working Group should create
|
||||||
|
pull requests or open issues in this repository currently. Going
|
||||||
|
forward, we hope to allow progressively wider participation; eg, from
|
||||||
|
CNAs generally and then security researchers and other cybersecurity
|
||||||
|
community members. Until then, others who wish to contribute should
|
||||||
|
use the [CVE Request web form](https://cveform.mitre.org).
|
||||||
|
|
||||||
|
2. Only submit information that is intended to become public
|
||||||
|
immediately. There is **no support** for embargoed submissions!!
|
||||||
|
|
||||||
|
3. Understand that this is only a pilot - it could be changed
|
||||||
|
significantly or even halted.
|
||||||
|
|
||||||
|
4. Submissions should be made subject to the [CVE Submissions
|
||||||
|
License Terms of Use](https://cve.mitre.org/about/termsofuse.html).
|
||||||
|
|
||||||
|
5. It is **strongly recommended** that submissions use [signed
|
||||||
|
commits](https://help.github.com/articles/signing-commits-with-gpg/).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
## Sending Data about CVE Entries to MITRE
|
||||||
|
|
||||||
|
0. If you haven't done so already, fork the _cvelist_ repository.
|
||||||
|
|
||||||
|
1. Ensure your fork is up to date.
|
||||||
|
|
||||||
|
2. Create a new branch. We recommend grouping related updates into a
|
||||||
|
single submission and using a separate branch for each submission.
|
||||||
|
For example, one CNA may choose to have a single submission for each
|
||||||
|
monthly patch bundle, while another may opt for a daily submission.
|
||||||
|
|
||||||
|
3. Make changes to one or more files. **NB:** limit your changes to
|
||||||
|
only those portions of the JSON that need to be updated rather than
|
||||||
|
naively overwriting the entire file.
|
||||||
|
|
||||||
|
4. Create a pull request to merge the changes in your new branch into
|
||||||
|
the cvelist master.
|
||||||
|
|
||||||
|
After a pull request has been submitted, the CVE Team will review the
|
||||||
|
submission and work with you to resolve issues. Then the CVE Team
|
||||||
|
will merge the updated files into the "master" branch and use the
|
||||||
|
supplied information to update the associated entries in the CVE List
|
||||||
|
itself.
|
||||||
|
|
||||||
|
|
||||||
|
## Contact
|
||||||
|
|
||||||
|
Direct questions, comments, or concerns about use of this repo to the CVE
|
||||||
|
Team using the [CVE Request web form](https://cveform.mitre.org).
|
||||||
|
|
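Review bot: Note 5 strongly recommends signed commits, but the procedure under "Sending Data about CVE Entries to MITRE" (steps 0 to 4) never says where signing happens or how an unsigned pull request is handled. Since merged files are used to update the associated CVE List entries, consider naming the signing step in the procedure (for example `git commit -S` when committing the changes from step 3) and stating whether unsigned submissions are accepted. Smaller points: the procedure list starts at 0 while the Notes list starts at 1, "eg" in note 1 should be "e.g.", and step 3 asks for minimal JSON edits without asking contributors to check the result against the CVE JSON format that the README links to before opening the pull request.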
45
README.md
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
# CVE Automation Working Group Git Pilot
|
||||||
|
|
||||||
|
The [CVE Automation Working
|
||||||
|
Group](https://github.com/CVEProject/automation-working-group) is
|
||||||
|
piloting use of git to share information about public vulnerabilities.
|
||||||
|
The goal is to learn not only what features are necessary to support
|
||||||
|
the "plumbing" of sending and receiving the data, but also which
|
||||||
|
attributes and metadata are needed in the CVE format to support
|
||||||
|
automation.
|
||||||
|
|
||||||
|
This repository holds information included in the [CVE
|
||||||
|
List](https://cve.mitre.org) formatted using the [CVE JSON
|
||||||
|
format](https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema).
|
||||||
|
|
||||||
|
Use of the CVE information in this repository is subject to the [CVE
|
||||||
|
Terms of Use](https://cve.mitre.org/about/termsofuse.html).
|
||||||
|
|
||||||
|
|
||||||
|
## Overview of the Repository
|
||||||
|
|
||||||
|
Information about each CVE id is stored as a unique file in the repo
|
||||||
|
in a subdirectory based on the year as well as the numeric portion of
|
||||||
|
the id, truncated by 1,000. Thus, [2017/3xxx](2017/3xxx) is for
|
||||||
|
CVE-2017-3000 - CVE-2017-3999, and [2017/1002xxx](2017/1002xxx) is for
|
||||||
|
CVE-2017-1002000 - CVE-2017-1002999.
|
||||||
|
|
||||||
|
The CVE Team updates these files automatically every hour using
|
||||||
|
information from the CVE List, provided there have been changes. The
|
||||||
|
synchronization job kicks off at the top of the hour and should
|
||||||
|
complete within 5 minutes.
|
||||||
|
|
||||||
|
For ids that have been populated, the files contain the description
|
||||||
|
and references that appear in the [CVE
|
||||||
|
List](https://cve.mitre.org/cve/cve.html). They may also contain
|
||||||
|
information about the affected product(s) and problem type(s), which
|
||||||
|
CNAs have been supplying when making assignments during the past year
|
||||||
|
but which is not included in the CVE List. And going forward, it is
|
||||||
|
hoped that they will contain a richer collection of information about
|
||||||
|
the vulnerability, as supported by the full CVE JSON schema.
|
||||||
|
|
||||||
|
|
||||||
|
## Contact
|
||||||
|
|
||||||
|
Direct questions, comments, or concerns about use of this repo to the CVE
|
||||||
|
Team using the [CVE Request web form](https://cveform.mitre.org).
|
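Review bot: In "Overview of the Repository", the phrase "truncated by 1,000" does not say how the subdirectory name is formed. The two examples imply that the last three digits of the numeric portion are replaced with "xxx", so state that rule directly and show the directory for an id such as CVE-2017-0001, which neither example covers. The paragraph also says each id is "stored as a unique file" without giving the file name used inside the subdirectory, which consumers automating against the repo will need. Finally, this README does not link to the CONTRIBUTING.md added in the same commit; a pointer near the Contact section would help readers find the submission rules, including the statement that embargoed submissions are not supported.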