GHSA-qq97-vm5h-rrhg out of sync. Why does it have different states? #224

Open
@mayrstefan

When analyzing aquasecurity/trivy#2034 I was surprised to find the advisory id GHSA-qq97-vm5h-rrhg in two different states:

  1. GHSA-qq97-vm5h-rrhg from the repo maintainers, which seems to be the most up-to-date version, including the CVE number
  2. GHSA-qq97-vm5h-rrhg as a public GitHub Advisory, which has not been updated

Because I did not find a machine-readable format of the first one, I have to ask:

  • Is there any automation to keep the official advisories in sync (a bot for automated pull requests on updates)?
  • Where is the official process documented?
  • One id, two links, different information: which one is expected to be used by the public? I guess the second one, because the on-mouse-over preview has more details.
