admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added.

Browse Source
This commit is contained in:
CVE Team 2017-10-16 12:26:05 -04:00
commit e7b074f4cd
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
2 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,55 @@
# How to contribute
## Notes
1. Only members of the CVE Automation Working Group should create
pull requests or open issues in this repository currently. Going
forward, we hope to allow progressively wider participation; eg, from
CNAs generally and then security researchers and other cybersecurity
community members. Until then, others who wish to contribute should
use the [CVE Request web form](https://cveform.mitre.org).
2. Only submit information that is intended to become public
immediately. There is **no support** for embargoed submissions!!
3. Understand that this is only a pilot - it could be changed
significantly or even halted.
4. Submissions should be made subject to the [CVE Submissions
License Terms of Use](https://cve.mitre.org/about/termsofuse.html).
5. It is **strongly recommended** that submissions use [signed
commits](https://help.github.com/articles/signing-commits-with-gpg/).
## Sending Data about CVE Entries to MITRE
0. If you haven't done so already, fork the _cvelist_ repository.
1. Ensure your fork is up to date.
2. Create a new branch. We recommend grouping related updates into a
single submission and using a separate branch for each submission.
For example, one CNA may choose to have a single submission for each
monthly patch bundle, while another may opt for a daily submission.
3. Make changes to one or more files. **NB:** limit your changes to
only those portions of the JSON that need to be updated rather than
naively overwriting the entire file.
4. Create a pull request to merge the changes in your new branch into
the cvelist master.
After a pull request has been submitted, the CVE Team will review the
submission and work with you to resolve issues. Then the CVE Team
will merge the updated files into the "master" branch and use the
supplied information to update the associated entries in the CVE List
itself.
## Contact
Direct questions, comments, or concerns about use of this repo to the CVE
Team using the [CVE Request web form](https://cveform.mitre.org).

45
README.md Normal file
View File

@ -0,0 +1,45 @@
# CVE Automation Working Group Git Pilot
The [CVE Automation Working
Group](https://github.com/CVEProject/automation-working-group) is
piloting use of git to share information about public vulnerabilities.
The goal is to learn not only what features are necessary to support
the "plumbing" of sending and receiving the data, but also which
attributes and metadata are needed in the CVE format to support
automation.
This repository holds information included in the [CVE
List](https://cve.mitre.org) formatted using the [CVE JSON
format](https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema).
Use of the CVE information in this repository is subject to the [CVE
Terms of Use](https://cve.mitre.org/about/termsofuse.html).
## Overview of the Repository
Information about each CVE id is stored as a unique file in the repo
in a subdirectory based on the year as well as the numeric portion of
the id, truncated by 1,000. Thus, [2017/3xxx](2017/3xxx) is for
CVE-2017-3000 - CVE-2017-3999, and [2017/1002xxx](2017/1002xxx) is for
CVE-2017-1002000 - CVE-2017-1002999.
The CVE Team updates these files automatically every hour using
information from the CVE List, provided there have been changes. The
synchronization job kicks off at the top of the hour and should
complete within 5 minutes.
For ids that have been populated, the files contain the description
and references that appear in the [CVE
List](https://cve.mitre.org/cve/cve.html). They may also contain
information about the affected product(s) and problem type(s), which
CNAs have been supplying when making assignments during the past year
but which is not included in the CVE List. And going forward, it is
hoped that they will contain a richer collection of information about
the vulnerability, as supported by the full CVE JSON schema.
## Contact
Direct questions, comments, or concerns about use of this repo to the CVE
Team using the [CVE Request web form](https://cveform.mitre.org).