### Contribution Guidelines for CVE Pilot Source: https://github.com/cveproject/cvelist/blob/master/README.md Details on how to participate in the CVE Automation Working Group Git Pilot are provided in the CONTRIBUTING.md file. This guides contributors on submitting information and adhering to the pilot's objectives. ```APIDOC How to Contribute: - Refer to the CONTRIBUTING.md file for detailed instructions. - The pilot aims to gather insights on necessary features and attributes for automated vulnerability information exchange. - Participation involves sharing information formatted according to the CVE JSON schema. ``` -------------------------------- ### Git Workflow for CVE Project Contribution Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Visual representation of the Git branching and pull request workflow for contributing to the CVE Project cvelist repository. This illustrates forking, cloning, branching, pushing, and the eventual merge process. ```git github.com/CVEProject/cvelist --> fork --> github.com/$YOU/cvelist ^ | | merge | | git clone `-------- Accepted? | ^ V | /localpath/repo/cvelist create | pull request | | | git branch git branch github.com/$YOU/cvelist/$YOUR_BRANCH | | | | V | V some_other_branch `-- push to your github <-- $YOUR_BRANCH ``` -------------------------------- ### Pushing Local Changes to Fork Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Pushes any updates from your local repository's master branch to your fork on GitHub.com. ```git git push ``` -------------------------------- ### Syncing Fork with Upstream Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Fetches the latest changes from the upstream repository and merges them into your local master branch to ensure your fork is up-to-date. ```git git fetch upstream git checkout master git merge upstream/master ``` -------------------------------- ### Switching to a New Branch Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Changes the current working branch to the newly created branch for making modifications. ```git git checkout $YOUR_BRANCH ``` -------------------------------- ### Validating JSON against Schema Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Validates a JSON file against a specified JSON schema using the 'jsonschema' command-line tool. ```json jsonschema -i CVE-2017-1234.json CVE_JSON_4.0_min_public.schema ``` -------------------------------- ### Setting Upstream Remote Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Configures the upstream repository for fetching updates, essential for keeping your fork synchronized with the main project. ```git git remote add upstream git@github.com:CVEProject/cvelist.git ``` -------------------------------- ### Validating JSON with Python Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Uses Python's built-in JSON module to pretty-print and validate the structure of a JSON file. ```python python -m json.tool < CVE-2017-1234.json ``` -------------------------------- ### Committing and Pushing Changes Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Commits staged changes locally and then pushes the current branch to the remote repository on GitHub. ```git git commit -av git push origin $YOUR_BRANCH ``` -------------------------------- ### CVE Information Content and Updates Source: https://github.com/cveproject/cvelist/blob/master/README.md Files in this repository contain CVE descriptions and references from the official CVE List. They may also include affected product information and problem types supplied by CNAs, aiming for richer vulnerability data as supported by the CVE JSON schema. ```APIDOC File Contents: - CVE Description: Textual description of the vulnerability. - References: Links to external resources related to the CVE. - Affected Products (Optional): Information about products impacted by the vulnerability. - Problem Types (Optional): Categorization of the vulnerability. Update Process: - Files are updated automatically every hour using information from the official CVE List. - Synchronization job starts at the top of the hour and typically completes within 5 minutes. - Updates occur only if there have been changes in the official CVE List. ``` -------------------------------- ### CVE JSON Format Submission Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md CNAs are required to format their submissions using the CVE JSON format. This format is essential for automated processing and consistency within the CVE database. Tools like Vulnogram are recommended for users unfamiliar with the JSON schema. ```APIDOC CVE JSON Format: - Submissions from CNAs must adhere to the CVE JSON schema. - Schema location: https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema Recommended Tool: - Vulnogram: A web-based interface for creating and editing CVE information. - URL: https://vulnogram.github.io/ ``` -------------------------------- ### Creating a New Branch Source: https://github.com/cveproject/cvelist/blob/master/CONTRIBUTING.md Creates a new branch based on the master branch, allowing for isolated development of specific submissions or updates. ```git git branch $YOUR_BRANCH master ``` -------------------------------- ### CVE File Structure and Naming Convention Source: https://github.com/cveproject/cvelist/blob/master/README.md Information for each CVE ID is stored in a unique file within subdirectories based on the year and a truncated portion of the ID. This structure helps organize a large volume of vulnerability data. ```APIDOC Repository Structure: - Subdirectories represent years (e.g., '2017'). - Within each year directory, subdirectories are named based on the numeric portion of the CVE ID, truncated by 1,000. - Example: '2017/3xxx' for CVE-2017-3000 to CVE-2017-3999. - Example: '2017/1002xxx' for CVE-2017-1002000 to CVE-2017-1002999. File Naming: - Each CVE ID has a unique file. - The file content adheres to the CVE JSON format. ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.