-
Notifications
You must be signed in to change notification settings - Fork 36
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Publish certcc.github.io/SSVC (#534)
- Loading branch information
Showing
340 changed files
with
16,901 additions
and
7,430 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # These rules follow a last-match behavior. | ||
|
|
||
| # default (if nothing else matches) | ||
| * @ahouseholder @sei-vsarvepalli @cgyarbrough | ||
|
|
||
| # any markdown file in doc | ||
| /doc/**/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j--- | ||
|
|
||
| # any markdown file in docs | ||
| /docs/**/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j--- | ||
|
|
||
| # architecture decision records | ||
| /docs/adr/*.md @ahouseholder @cgyarbrough @sei-vsarvepalli @j--- | ||
|
|
||
| # ssvc-calc, wherever it lives | ||
| ssvc-calc/ @sei-vsarvepalli @ahouseholder | ||
|
|
||
| # source code | ||
| /src/ @ahouseholder @sei-vsarvepalli | ||
| *.py @ahouseholder | ||
| *.js @sei-vsarvepalli | ||
|
|
||
| # data | ||
| /data/ @sei-vsarvepalli @ahouseholder | ||
| /data/csvs @ahouseholder @j--- | ||
| /data/schema @sei-vsarvepalli | ||
| /data/schema_examples @sei-vsarvepalli | ||
|
|
||
| # website config | ||
| mkdocs.yml @ahouseholder | ||
|
|
||
| # github setup | ||
| /.github/ @ahouseholder @sei-vsarvepalli |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| --- | ||
| name: Bug report | ||
| about: Create a report to help us improve | ||
| title: Add a brief title for your report here | ||
| labels: bug | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
||
| **Describe the bug** | ||
| A clear and concise description of what the bug is. | ||
|
|
||
| **To Reproduce** | ||
| Steps to reproduce the behavior: | ||
| 1. Go to '...' | ||
| 2. Click on '....' | ||
| 3. Scroll down to '....' | ||
| 4. See error | ||
|
|
||
| **Expected behavior** | ||
| A clear and concise description of what you expected to happen. | ||
|
|
||
| **Screenshots** | ||
| If applicable, add screenshots to help explain your problem. | ||
|
|
||
| **Platform details** | ||
| Include any relevant details like OS, browser, versions, etc. | ||
|
|
||
| **Additional context** | ||
| Add any other context about the problem here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| name: Feature request | ||
| about: Suggest an idea for this project | ||
| title: Add a concise title for your request | ||
| labels: enhancement | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
||
| **Is your feature request related to a problem? Please describe.** | ||
| A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] | ||
|
|
||
| **Describe the solution you'd like** | ||
| A clear and concise description of what you want to happen. | ||
|
|
||
| **Describe alternatives you've considered** | ||
| A clear and concise description of any alternative solutions or features you've considered. | ||
|
|
||
| **Additional context** | ||
| Add any other context or screenshots about the feature request here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| name: Question | ||
| about: Ask the SSVC team a question | ||
| title: Add a concise title for your question | ||
| labels: question | ||
| assignees: '' | ||
|
|
||
| --- | ||
|
|
||
| _Note:_ Questions for the SSVC team can be asked here in the form of an issue. More general questions directed at the SSVC user community | ||
| might be a better fit in the [Q&A](https://github.com/CERTCC/SSVC/discussions/categories/q-a) category of our | ||
| [Discussions](https://github.com/CERTCC/SSVC/discussions) area. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # To get started with Dependabot version updates, you'll need to specify which | ||
| # package ecosystems to update and where the package manifests are located. | ||
| # Please see the documentation for all configuration options: | ||
| # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
|
||
| version: 2 | ||
| updates: | ||
| - package-ecosystem: "pip" # See documentation for possible values | ||
| directory: "/" # Location of package manifests | ||
| schedule: | ||
| interval: "weekly" | ||
| groups: | ||
| mkdocs: | ||
| patterns: | ||
| - "mkdocs*" | ||
| update-types: | ||
| - "minor" | ||
| - "patch" | ||
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "weekly" | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| # Simple workflow for deploying static content to GitHub Pages | ||
| name: Deploy static content to Pages | ||
|
|
||
| on: | ||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
|
|
||
| # Runs on pushes targeting specific branch(es) | ||
| push: | ||
| branches: | ||
| - publish | ||
|
|
||
|
|
||
| # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | ||
| permissions: | ||
| contents: read | ||
| pages: write | ||
| id-token: write | ||
|
|
||
| # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. | ||
| # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. | ||
| concurrency: | ||
| group: "pages" | ||
| cancel-in-progress: false | ||
|
|
||
| jobs: | ||
| # Single deploy job since we're just deploying | ||
| deploy: | ||
| environment: | ||
| name: github-pages | ||
| url: ${{ steps.deployment.outputs.page_url }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.10' | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| python -m pip install -r requirements.txt | ||
| - name: Setup Pages | ||
| uses: actions/configure-pages@v4 | ||
|
|
||
| - name: Build Site | ||
| run: | | ||
| mkdocs build --verbose --clean --config-file mkdocs.yml | ||
| - name: Upload artifact | ||
| uses: actions/upload-pages-artifact@v3 | ||
| with: | ||
| # Upload entire repository | ||
| path: 'site' | ||
|
|
||
| - name: Deploy to GitHub Pages | ||
| id: deployment | ||
| uses: actions/deploy-pages@v4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| name: Link Checker | ||
| on: | ||
| push: | ||
| branches: | ||
| # run on any push to main | ||
| - main | ||
| pull_request: | ||
| paths: | ||
| # run on any PR that modifies a markdown file | ||
| - '**/*.md' | ||
| # run on any PR that changes this workflow | ||
| - .github/workflows/linkchecker.yml | ||
| # let us trigger it manually | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| linkcheck: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.10' | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| python -m pip install -r requirements.txt | ||
| python -m pip install linkchecker | ||
| - name: Install our python stuff | ||
| run: | | ||
| python -m pip install -e src | ||
| - name: Build Site | ||
| run: | | ||
| mkdocs build --verbose --clean --config-file mkdocs.yml | ||
| - name: Check links | ||
| run: | | ||
| linkchecker site/index.html | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| # This workflow will install Python dependencies, run tests and lint with a single version of Python | ||
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python | ||
|
|
||
| name: Python application | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| build: | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-tags: true | ||
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: "3.10" | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install pytest build | ||
| if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | ||
| # - uses: psf/black@stable | ||
| - name: Test with pytest | ||
| run: | | ||
| pytest | ||
| - name: Build | ||
| run: | | ||
| python -m build src | ||
| - name: Upload Artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ssvc | ||
| path: src/dist/ssvc-*.tar.gz | ||
| retention-days: 14 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -128,3 +128,4 @@ dmypy.json | |
| # Pyre type checker | ||
| .pyre/ | ||
| ssvc2-applier-wip.xlsx | ||
| _version.py | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,39 +1,17 @@ | ||
| # How to contribute | ||
|
|
||
| Thanks for your help on improving our stakeholder-specific vulnerability categorization work. To account for different stakeholder perspectives, we benefit from a diverse group of contributors. | ||
| Thanks for your help on improving our stakeholder-specific vulnerability categorization work. | ||
| To account for different stakeholder perspectives, we benefit from a diverse group of contributors. | ||
|
|
||
| ## Where to contribute | ||
| Please see our project documentation in the [wiki](https://github.com/CERTCC/SSVC/wiki) that accompanies this repository | ||
| for more information on how you can contribute to the project. | ||
|
|
||
| This repository contains both a written document with the English-langauge spec, and some code for automating application of SSVC. Contributions to these two parts of the project look different. We are focusing on getting the English right first, so we know what code to write. | ||
| Right now we don't have any plans for translations, but if you have interest in that let us know. | ||
| ## Licenses | ||
|
|
||
| # Contributing to the document | ||
|
|
||
| The English text lives in the `doc` [subfolder](https://github.com/CERTCC/SSVC/tree/main/doc). | ||
| We welcome any issues from anyone in the community, so we can discuss them and improve SSVC. If you have a suggestion, please create an issue. | ||
| In general, please create an issue before making a pull request to submit a change, except in the case of fixing a small typo, etc. | ||
| Please check that your suggestion does not overlap with existing [issues](https://github.com/CERTCC/SSVC/issues) (including [closed ones](https://github.com/CERTCC/SSVC/issues?q=is%3Aissue+is%3Aclosed+)) | ||
|
|
||
| In the `doc` folder, please see the `style-guide`, `crossref-how-to`, and `reference-how-to` for how to keep any suggestions or commits aligned with our style consistently. | ||
|
|
||
| # Contributing code | ||
|
|
||
| The tools for working with SSVC live in the `src` [subfolder](https://github.com/CERTCC/SSVC/tree/main/src). | ||
|
|
||
| We have limited tooling at the moment. The expectation is that these will mostly be flexible helper-type scripts and plug-ins. Therefore, interoperability is important. | ||
| Where the code implements or directly references some aspect of the English document, please make that linkage explicit. We use config files stored in `data` to to prevent code in `src` from having fragile dependencies on the English doc. | ||
| We would like to minimize manual change management, but at the very least we need to document where changes in the document need to result in changes to code. | ||
| Information likely to change based on changes to the English should go in config files to be stored in the `data` [subfolder](https://github.com/CERTCC/SSVC/tree/main/data). Code in the `src` folder should (as robustly as plausible) be reading that data in. | ||
|
|
||
| The process is similar to that for the doc, though the language is different. Please create issues before making pull requests. | ||
| Pull requests on code should be clear about what they've changed and what you've done. Thanks in advance! | ||
|
|
||
| # Licenses | ||
|
|
||
| - The license for all code in the repository is [here](https://github.com/CERTCC/SSVC/blob/main/LICENSE) | ||
| - The license for all English writing in the repository is [here](https://github.com/CERTCC/SSVC/blob/main/doc/version_1/900_license.md) | ||
| See [LICENSE](https://github.com/CERTCC/SSVC/blob/main/LICENSE) | ||
|
|
||
| # Questions | ||
| ## Questions | ||
|
|
||
| If you have any questions, a message to j--- should work, or tweet @zmanion or @\_\_adh\_\_. | ||
| If you have any questions, an [issue](https://github.com/CERTCC/SSVC/issues) or | ||
| [discussion](https://github.com/CERTCC/SSVC/discussions) is the best way to get in touch with us. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.