Automate VEX file entry creation #224

@marco-ippolito

Description

We can automate the insertion of an entry in https://github.com/nodejs/security-wg/tree/main/vuln/deps whenever we close an issue.
If the issue contains a label that signals, for example, `vulnerable_code_not_in_execute_path`, the automation can generate a file x.json such as
https://github.com/nodejs/security-wg/blob/main/vuln/deps/3.json

Example:

  • User opens an issue
  • After triaging we believe it's not a vulnerability
  • We close the issue with label vulnerable_code_not_in_execute_path
  • Automation picks it up and opens a PR in https://github.com/nodejs/security-wg/blob/main/vuln/deps with a file x.json
  • We approve and merge the PR
  • The vex file gets updated
  • User scanner stops being triggered by that CVE
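The workflow above as an added example, not code from the original issue or from the security-wg repository: it takes a GitHub "issues" webhook payload for a closed issue, checks for the triage label, extracts the CVE ids the user's scanner keys on, and proposes the next numbered vuln/deps file. The entry's JSON fields (`cve`, `status`, `ref`) are an assumed shape, not the repository's real schema, and the sample payload is constructed.

```javascript
// Added example, not nodejs/security-wg code: a sketch of the automation proposed
// in the issue. Input: a GitHub "issues" webhook payload for a closed issue. Output:
// the next vuln/deps file name plus an entry to open a PR with. The entry fields
// (cve, status, ref) are an ASSUMED shape, not the repository's real JSON schema.

// Labels meaning "triaged, not exploitable in practice" (the one named in the issue).
const TRIAGE_LABELS = new Set(['vulnerable_code_not_in_execute_path']);

function findTriageLabel(issue) {
  const names = (issue.labels || []).map((l) => (typeof l === 'string' ? l : l.name));
  return names.find((n) => TRIAGE_LABELS.has(n)) || null;
}

// Pull CVE ids out of the issue text; the user's scanner keys on these.
function extractCves(text) {
  const found = (text.match(/CVE-\d{4}-\d{4,}/gi) || []).map((c) => c.toUpperCase());
  return [...new Set(found)].sort();
}

// vuln/deps files are numbered (e.g. 3.json); pick the next free number.
function nextEntryName(existingFiles) {
  const nums = existingFiles.map((f) => /^(\d+)\.json$/.exec(f)).filter(Boolean).map((m) => Number(m[1]));
  return `${(nums.length ? Math.max(...nums) : 0) + 1}.json`;
}

// Returns null when nothing should be generated: issue not closed, no triage
// label, or no CVE id to suppress.
function buildVexEntry(event, existingFiles) {
  if (event.action !== 'closed') return null;
  const label = findTriageLabel(event.issue);
  if (label === null) return null;
  const cves = extractCves(`${event.issue.title}\n${event.issue.body || ''}`);
  if (cves.length === 0) return null;
  return { file: nextEntryName(existingFiles), entry: { cve: cves, status: label, ref: event.issue.html_url } };
}

// Constructed sample payload (not a real issue) and a constructed directory listing.
const sampleEvent = {
  action: 'closed',
  issue: {
    title: 'CVE-2099-0001 in example-dep: vulnerable code not reachable',
    body: 'Triaged: the affected function is never called by Node.js.',
    html_url: 'https://github.com/nodejs/security-wg/issues/0', // placeholder URL
    labels: [{ name: 'vulnerable_code_not_in_execute_path' }],
  },
};
const sampleFiles = ['1.json', '2.json', '3.json', 'README.md'];
console.log(JSON.stringify(buildVexEntry(sampleEvent, sampleFiles), null, 2));
```

In a real workflow the returned object would be written to the file name it proposes and pushed on a branch for the PR step the issue describes.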
