Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

exclusively-hosted-service and unsupported-when-assigned tags should apply to affected element not CNA contaner #13

Open
zmanion opened this issue Jun 12, 2024 · 0 comments

Comments

@zmanion
Copy link

zmanion commented Jun 12, 2024

The exclusively-hosted-service and unsupported-when-assigned tags (glossary, schema) apply to the entire CNA container. Should they instead apply to an affected element?

Real world example: Given a CVE ID that affects Adminer (unsupported, will not be fixed) and AdminerEvo (fork of Adminer, supported, fixed), there is currently not a machine-readable way to specifify that Adminer is EOL.

Example: A CVE ID affects software that exists both as a service and an "on-prem" product. It is not possible to indicate that one affected element is a cloud service while another element is not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant