Comments (12)
The repository with OSV files is now migrated within k8s-sigs org: https://github.com/kubernetes-sigs/cve-feed-osv
from website.
Included this as a feature in beta -> GA work as a graduation criterion.
/triage accepted
from website.
Some ideas on how to implement this:
This repo https://github.com/aquasecurity/vuln-list-k8s is being migrated to k-sigs org: kubernetes/org#4873 as a community owned repo. But for the purposes of discussion let's use the repo in its current location.
Step 1: As input to content adapter we get a list of OSV JSON files from Github API: https://api.github.com/repos/aquasecurity/vuln-list-k8s/contents/upstream
Sample output:
{
  "name": "CVE-2017-1002102.json",
  "path": "upstream/CVE-2017-1002102.json",
  "sha": "fb991a6b68caac15879c2eefebf1a72249d3ccfe",
  "size": 1466,
  "url": "https://api.github.com/repos/aquasecurity/vuln-list-k8s/contents/upstream/CVE-2017-1002102.json?ref=main",
  "html_url": "https://github.com/aquasecurity/vuln-list-k8s/blob/main/upstream/CVE-2017-1002102.json",
  "git_url": "https://api.github.com/repos/aquasecurity/vuln-list-k8s/git/blobs/fb991a6b68caac15879c2eefebf1a72249d3ccfe",
  "download_url": "https://raw.githubusercontent.com/aquasecurity/vuln-list-k8s/main/upstream/CVE-2017-1002102.json",
  "type": "file",
  "_links": {
    "self": "https://api.github.com/repos/aquasecurity/vuln-list-k8s/contents/upstream/CVE-2017-1002102.json?ref=main",
    "git": "https://api.github.com/repos/aquasecurity/vuln-list-k8s/git/blobs/fb991a6b68caac15879c2eefebf1a72249d3ccfe",
    "html": "https://github.com/aquasecurity/vuln-list-k8s/blob/main/upstream/CVE-2017-1002102.json"
  }
}
Step 2: Iterate each file name with absolute path using the key download_url and create a new dynamic page for each CVE
Step 3: https://kubernetes.io/example/security/CVE-2021-25749.json points to the OSV format json file
Step 4: https://kubernetes.io/example/security/CVE-2021-25749 points to an auto-generated page that can be customized depending on for example whether a CVE is unfixed or not.
from website.
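The four steps above, worked through as an added offline example (this is not code from kubernetes/website or vuln-list-k8s). It assumes the input is the GitHub contents API array shown in the sample (name, sha, type, download_url) and that each record carries the OSV fields id, summary and affected[].ranges[].events. Two checks a site build should do before publishing third-party data are included: only filenames that are CVE IDs from the feed's own raw location are turned into URL paths, and each downloaded body is verified against the git blob sha the listing advertises. The CVE ID, OSV record and fetcher are constructed placeholders so the script runs without network access or a GitHub token.

```python
"""Offline sketch of the CVE content adapter outlined in the steps above.

Added example, not code from kubernetes/website or vuln-list-k8s. Assumes the
GitHub contents API listing format (name, sha, type, download_url) and OSV
records with id, summary and affected[].ranges[].events. Network access is
replaced by an in-memory fetcher, so no GitHub token is needed.
"""
import hashlib
import json
import re

# Only filenames that are CVE IDs become pages; the captured ID is the only
# string ever used to build a URL path.
CVE_FILE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\.json$")

# Only download from the feed's own raw location (path taken from the sample).
ALLOWED_PREFIX = (
    "https://raw.githubusercontent.com/aquasecurity/vuln-list-k8s/main/upstream/"
)


def git_blob_sha(content: bytes) -> str:
    """Git blob object id: sha1 over 'blob <len>\\0' + content, so the
    listing's 'sha' can be checked against what download_url returned."""
    return hashlib.sha1(f"blob {len(content)}\0".encode() + content).hexdigest()


def select_entries(listing):
    """Step 2: (cve_id, download_url, sha) for entries that pass the checks."""
    selected = []
    for entry in listing:
        match = CVE_FILE_RE.match(entry.get("name", ""))
        url = entry.get("download_url", "")
        if entry.get("type") != "file" or not match:
            continue
        if not url.startswith(ALLOWED_PREFIX):
            continue
        selected.append((match.group(1), url, entry["sha"]))
    return selected


def is_fixed(osv):
    """True only if every affected range carries a 'fixed' event; a record
    with no affected ranges is treated as unfixed."""
    affected = osv.get("affected") or []
    if not affected:
        return False
    for item in affected:
        ranges = item.get("ranges") or []
        if not ranges:
            return False
        for rng in ranges:
            if not any("fixed" in ev for ev in rng.get("events", [])):
                return False
    return True


def render_page(cve_id, osv):
    """Step 4: a minimal page whose content depends on fixed/unfixed status."""
    status = "fixed" if is_fixed(osv) else "unfixed"
    return "\n".join([f"# {cve_id}", f"Status: {status}", osv.get("summary", "")])


def build_pages(listing, fetch):
    """Steps 2-4: map of URL path -> content; tampered or mismatched
    records raise instead of being published."""
    pages = {}
    for cve_id, url, sha in select_entries(listing):
        raw = fetch(url)
        if git_blob_sha(raw) != sha:
            raise ValueError(f"{cve_id}: content does not match listed sha")
        osv = json.loads(raw)
        if osv.get("id") != cve_id:
            raise ValueError(f"{cve_id}: OSV id {osv.get('id')!r} differs from filename")
        pages[f"/security/{cve_id}.json"] = raw.decode()  # Step 3: raw OSV file
        pages[f"/security/{cve_id}"] = render_page(cve_id, osv)
    return pages


# Constructed sample data (placeholder CVE ID, not a real advisory).
SAMPLE_ID = "CVE-2099-00001"
SAMPLE_OSV = json.dumps({
    "id": SAMPLE_ID,
    "summary": "constructed sample record",
    "affected": [{"package": {"name": "example/component"},
                  "ranges": [{"type": "SEMVER",
                              "events": [{"introduced": "1.0.0"},
                                         {"fixed": "1.0.1"}]}]}],
}, indent=2).encode()

SAMPLE_LISTING = [
    {"name": f"{SAMPLE_ID}.json", "type": "file",
     "sha": git_blob_sha(SAMPLE_OSV),
     "download_url": ALLOWED_PREFIX + f"{SAMPLE_ID}.json"},
    # Ignored: not a CVE record.
    {"name": "README.md", "type": "file", "sha": "0" * 40,
     "download_url": ALLOWED_PREFIX + "README.md"},
    # Ignored: points outside the feed's raw location.
    {"name": "CVE-2099-00002.json", "type": "file", "sha": "0" * 40,
     "download_url": "https://example.invalid/CVE-2099-00002.json"},
]

STORE = {ALLOWED_PREFIX + f"{SAMPLE_ID}.json": SAMPLE_OSV}


def offline_fetch(url):
    """Stands in for an HTTP GET of download_url (constructed store)."""
    return STORE[url]


if __name__ == "__main__":
    for path, body in build_pages(SAMPLE_LISTING, offline_fetch).items():
        print(path, "->", body.splitlines()[0])
```

The same build_pages function works unchanged if the listing is committed to the site repo as a single index file instead of being fetched from the API at build time, which also removes the need for a GitHub token during the build.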
I'm willing to dig into this issue if no one else is meant to take it @PushkarJ @sftim
from website.
Help is welcome @jbiers!
from website.
Step 1: As input to content adapter we get a list of OSV JSON files from Github API: https://api.github.com/repos/aquasecurity/vuln-list-k8s/contents/upstream
It's much easier if the machine readable feed is one file, rather than lots. If there are lots of files, we first need a single file with a list of the individual files to pull.
We can add the OSV data in a follow-up PR.
from website.
Also, we'd prefer to avoid needing API tokens for GitHub as part of the site build; it adds extra friction for new contributors.
from website.
Shorter URLs are an option too; eg https://k8s.io/security/CVE-2021-25749 can redirect to https://kubernetes.io/example/security/CVE-2021-25749
from website.
/assign
from website.
@sftim I have a question regarding the path where the CVE files should be created. Your suggestion was https://kubernetes.io/example/security/CVE-2019-11254, but as I understand currently the examples directory only contains example manifests in the form of yaml files.
My question is if it makes semantic sense to have the CVEs in this path and not somewhere like https://kubernetes.io/docs/reference/issues-security/cves/cve-2017-1002101/ or similar. If done this way, we could simply use the layouts currently used in other documentation pages, while in the /examples/ path a new one would have to be created.
Let me know if I did not make myself clear enough here 😄
from website.
Oh, the string example was just an example! You should pick an actual URL path that makes sense to SIG Security.
The directory you use does not need to exist in the Git source code.
from website.
If you find you want a new layout, SIG Docs can help out with that.
from website.