Commit d8dcc2e

Merge pull request #1099 from jasnow/add-cve-policy
Added CVE policy to README.md file
2 parents 365ed20 + 2fa2bac commit d8dcc2e

1 file changed

Lines changed: 19 additions & 13 deletions

README.md

@@ -205,19 +205,25 @@ patched_versions:
205205
inclusion in this database.
206206

207207
# General Contributing Guidelines
208-
* Advisory filename prefix naming preferance is:
209-
* 1st choice: CVE, then GHSA, then OSVDB.
210-
* Advisory filename (without suffix) should be equal to root `url:` field value.
211-
* Try to keep all text within 80 columns.
212-
* Run yamlint [`yamllint` tool](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format. It find no issues.
213-
* YAML must be indented by 2 spaces.
214-
* Ruby YAML does not like embedded ":" characters.
215-
* For more info:
216-
* https://pypi.org/project/yamllint
217-
* [HERE](https://github.com/rubysec/ruby-advisory-db/blob/master/.github/workflows/ruby.yml)
218-
* Run `rspec spec/schema_validation_spec.rb` for aditional lint checks.
219-
* Check all URLs for dead links. Sometimes find the URL https://web.archive.org .
220-
* Please see the [README](README.md#schema) for more documentation on the YAML Schema.
208+
209+
* Advisory file name
210+
* Preference is CVE, then GHSA, then OSVDB, in that order.
211+
* Should be equal to root `url:` field value.
212+
* For post-2016 advisories, use only "published" or "reserved" CVEs which are found at one of these web sites:
213+
* https://nvd.nist.gov/vuln/search
214+
* https://www.cve.org/CVERecord
215+
* When present, the CVE should be used in the primary "url:", "cve:", and "related:"/"url:" fields.
216+
* All text should be wrapped at 80 columns.
217+
* Run [`yamllint`](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format.
218+
* YAML must be indented by 2 spaces.
219+
* Ruby YAML does not like embedded ":" characters.
220+
* For more info:
221+
* https://pypi.org/project/yamllint
222+
* [Github Action workflow](https://github.com/rubysec/ruby-advisory-db/blob/master/.github/workflows/ruby.yml)
223+
* Run `rspec spec/schema_validation_spec.rb` for aditional lint checks.
224+
* Check all URLs for dead links.
225+
* If a URL is dead, check if https://web.archive.org has a copy, and link to that.
226+
* Please see the [README](README.md#schema) for more documentation on the YAML Schema.
221227

222228
## Tests
223229

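Review bot: the `yamllint` link on the `217+` line is still broken: it opens with `(` but closes with `]`, so `https://yamllint.readthedocs.io/en/stable/quickstart.html]` should end in `.html)`; this defect was already in the removed `212-` line and the rewrite was the moment to fix it. The same applies to the `aditional` typo carried over verbatim from `218-` into `223+` (`for aditional lint checks` should read `for additional lint checks`). Two smaller points in the new policy text: the `215+` line's `"related:"/"url:"` is hard to parse and would be clearer as `the "url:" entries under "related:"`, and since `212+` says "published" or "reserved" CVEs are required for post-2016 advisories, it would help contributors to state what to do when no CVE exists yet (presumably fall back to the GHSA/OSVDB preference order given on `210+`), otherwise the two bullets read as contradictory.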