lix-community/nix-security-tracker
0
0
Fork 0
Code Issues 94 Pull requests 9 Projects Releases Packages Wiki Activity

View a list of pre-computed match suggestions #203

New issue
Closed
opened 2024-09-26 18:45:01 +00:00 by fricklerhandwerk · 3 comments
fricklerhandwerk commented 2024-09-26 18:45:01 +00:00 (Migrated from github.com)
Copy link

As a security team member, I want to have an overview of untriaged CVEs, displayed as a priority list.

Each item in that list should only show the most relevant information:

  • CVE ID
  • CVE logline
  • Number of derivations affected
  • Number of channels affected

The list should be sorted by some reasonable combination of

  • CVE age
  • CVE severity
  • Relevance for Nixpkgs (e.g. number of supposedly affected derivations)
  • Confidence in the matching of CVE and Nixpkgs metadata

Depends on:

As a security team member, I want to have an overview of untriaged CVEs, displayed as a priority list. Each item in that list should only show the most relevant information: - CVE ID - CVE logline - Number of derivations affected - Number of channels affected The list should be sorted by some reasonable combination of - CVE age - CVE severity - Relevance for Nixpkgs (e.g. number of supposedly affected derivations) - Confidence in the matching of CVE and Nixpkgs metadata Depends on: - #221
erictapen commented 2024-10-04 10:49:34 +00:00 (Migrated from github.com)
Copy link

@fricklerhandwerk @RaitoBezarius and me discussed, that we will keep the concept of a match suggestion separate from a Nix security issue. That applies both to the internal model and how it's communicated to the user.

@fricklerhandwerk @RaitoBezarius and me discussed, that we will keep the concept of a match suggestion separate from a Nix security issue. That applies both to the internal model and how it's communicated to the user.
👍 1
erictapen commented 2024-10-08 15:09:52 +00:00 (Migrated from github.com)
Copy link

The wireframes we want to work with for now. From now I'll focus on implementation, to see how this works with real data.

tmp yRLhZ2GsEM
tmp 2jPHitPcr2

The wireframes we want to work with for now. From now I'll focus on implementation, to see how this works with real data. ![tmp yRLhZ2GsEM](https://github.com/user-attachments/assets/bc6fa432-de1f-4543-bc26-776bba181028) ![tmp 2jPHitPcr2](https://github.com/user-attachments/assets/118f79fe-d131-4e9b-9ab3-9c727fd44f09)
erictapen commented 2024-10-14 14:05:18 +00:00 (Migrated from github.com)
Copy link

Provenance of how the match was created could be represented in some background colors of the relevant fields
https://github.com/Nix-Security-WG/nix-security-tracker/pull/282

Provenance of how the match was created could be represented in some background colors of the relevant fields https://github.com/Nix-Security-WG/nix-security-tracker/pull/282
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
npins-auto-update
No results found.
Labels
Clear labels   
automation

   
backend

something the web server needs to provide the frontend with

  
bug

Something isn't working

  
contributor experience

   
data

something about quality or quantity of ingested data

  
deployment

   
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
nice to have

Nice to have, but not necessary for the time being

  
notifications

   
package maintainer

user story for package maintainers

  
performance

   
skin

Anything related to the visual presentation

  
tech debt

Activities that reduce tech debt

  
user story

description or implementation of a workflow

No labels
automation
backend
bug
contributor experience
data
deployment
documentation
duplicate
good first issue
help wanted
nice to have
notifications
package maintainer
performance
skin
tech debt
user story
Milestone
Clear milestone
No items
No milestone
0 Basic triaging
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: lix-community/nix-security-tracker#203
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?