Finalise advisory schema
greysteil opened this issue
It will be a pain for integrators if we have to make changes to the advisory schema, so we should finalise it as early as possible.
I can't see any problems with the following, but am happy to hear from wiser minds who think I'm missing something:
| Attribute | Type | Description |
|---|---|---|
| package | String | Name of the affected package. |
| disclosure_date | Date | Date the vulnerability was publicly disclosed (here or elsewhere). |
| cve | String/Null | (Optional) CVE assigned to the vulnerability. |
| link | String | Link to the original disclosure / more details. |
| title | String | Title of the vulnerability. This should be a (very) short description. |
| description | String | Description of the vulnerability. |
| patched_versions | Array | Array of Elixir requirement strings specifying patched versions. |
| unaffected_versions | Array | Array of Elixir requirement strings specifying unaffected versions. |
Note: we can always add additional fields later.
I will finalise the above on 1st May in the absence of any suggestions - no need to prolong uncertainty.
Finalised!
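
An integrator-side check of an advisory against the schema above, added here as an example and not code from this project. The `AdvisoryCheck` module name, the string-keyed map input, ISO 8601 date strings and treating every field except `cve` as required are assumptions; a malformed requirement string is the case most worth catching, since it would otherwise break version matching downstream.

```elixir
# Added example: field names and types come from the table in this issue.
# Assumptions: the advisory is already decoded into a map with string keys,
# dates are ISO 8601 strings, and every field except cve is required.
defmodule AdvisoryCheck do
  @required ~w(package disclosure_date link title description patched_versions unaffected_versions)

  def validate(adv) when is_map(adv) do
    errors = missing(adv) ++ strings(adv) ++ cve(adv) ++ date(adv) ++ requirements(adv)
    if errors == [], do: :ok, else: {:error, errors}
  end

  defp missing(adv), do: for(k <- @required, not Map.has_key?(adv, k), do: "#{k}: missing")

  defp strings(adv) do
    for k <- ~w(package link title description), Map.has_key?(adv, k),
        not is_binary(adv[k]), do: "#{k}: must be a string"
  end

  defp cve(%{"cve" => v}) when not (is_nil(v) or is_binary(v)), do: ["cve: must be a string or null"]
  defp cve(_), do: []

  defp date(%{"disclosure_date" => %Date{}}), do: []
  defp date(%{"disclosure_date" => v}) when is_binary(v) do
    case Date.from_iso8601(v) do
      {:ok, _} -> []
      {:error, _} -> ["disclosure_date: not a valid date"]
    end
  end
  defp date(%{"disclosure_date" => _}), do: ["disclosure_date: must be a date"]
  defp date(_), do: []

  defp requirements(adv) do
    Enum.flat_map(~w(patched_versions unaffected_versions), fn key ->
      case Map.fetch(adv, key) do
        :error -> []
        {:ok, reqs} when is_list(reqs) ->
          for r <- reqs, not requirement?(r), do: "#{key}: invalid requirement #{inspect(r)}"
        {:ok, _} -> ["#{key}: must be an array"]
      end
    end)
  end

  # Version.parse_requirement/1 returns {:ok, requirement} or :error.
  defp requirement?(r), do: is_binary(r) and match?({:ok, _}, Version.parse_requirement(r))
end

# Constructed sample: "latest" is not a valid requirement string.
IO.inspect(AdvisoryCheck.validate(%{"package" => "example_pkg", "title" => "t",
  "disclosure_date" => "2017-05-01", "link" => "https://example.com/a", "description" => "d",
  "patched_versions" => ["~> 1.2.3", "latest"], "unaffected_versions" => ["< 1.0.0"]}))
```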