Automate creation of OpenVEX statements when new CVEs are created in Erlang/OTP repo #10189
Automate the creation of a pull request that contains OpenVEX statements from known GH Securities. To do this, the script pushes to upstream a new branch, named `vex`, and creates the pull request against `master`. The branch `vex` is always created on top of `master` and contains new OpenVEX statements for the last three releases of Erlang/OTP. If there is already an open pull request for `vex`, the script skips pushing more stuff. When the pull request is merged, a new pull request will be created. The pull request creation is scheduled on a daily basis.
This PR also updated and formatted the `openvex.table` with missing CVEs and wrongly reported initial versions.
Notes
It is expected that the job `OpenVEX Security Sync` fails in this PR because the job checks out `master` and runs the script with the wrong parameters. That script has been updated here, but the job is picking up the script from what is currently in `master`. We need to merge this PR to see that it works. This has been tested in my fork with other people from OTP, so it should be relatively safe to merge, ignoring this failing workflow for now.