Create a JIRA layer #30

Open
seemantk opened this issue Mar 4, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

seemantk commented Mar 4, 2022

This is a Funtoo-specific request. It would be great if vulner could be the interface for security/CVE bugs. The workflow I envision:

  1. run vulner --recursive --jira on the meta-repo
  2. for each CVE found: check if JIRA ticket exists. if not, create a new ticket
  3. link each ticket to the CVEs.
  4. When a JIRA ticket is closed with PR Merge, record the new -r revision

mrl5 commented Mar 4, 2022

  1. run vulner --recursive --jira on the meta-repo

@seemantk did you mean vulner scan --recursive --jira?

mrl5 added the enhancement label Mar 4, 2022

seemantk commented Mar 5, 2022 via email


mrl5 commented Sep 11, 2022

use cases:

  1. as a funtoo linux maintainer I'd like to have a tool that creates security vulnerability tickets in a standard way based on vulner scan findings

  2. as a funtoo linux user I'd like to know if there is already a jira ticket for cve reported in scan result

  3. as a funtoo linux user I'd like a CLI command that lists security vulnerability tickets that are not fixed


mrl5 commented Sep 11, 2022

self-notes:

  • UC2: curl -s 'https://bugs.funtoo.org/rest/api/latest/search?fields=key&jql=issuetype%20%3D%2010200%20AND%20text%20~%20CVE-2022-1292' | jq '.issues[].key'
  • UC3: curl -s 'https://bugs.funtoo.org/rest/api/latest/search?fields=key,summary&jql=issuetype%20%3D%2010200%20AND%20statuscategory%20!%3D%20Done' | jq '.issues[] | {key: .key, summary: .fields.summary}'

https://docs.atlassian.com/software/jira/docs/api/REST/9.2.0/#api/2/
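
Added example, not part of the thread or of the vulner code base: a Python version of the UC2 lookup that validates each CVE id before placing it in the JQL string and reads the ticket keys from the response. The function names, `fake_fetch`, the sample responses and the `EXAMPLE-1` key are assumptions, constructed so the block runs offline.

```python
import json
import re
from urllib.parse import quote, urlencode

# Endpoint and issue type id are the ones in the curl commands above.
SEARCH_URL = "https://bugs.funtoo.org/rest/api/latest/search"
SECURITY_ISSUETYPE = 10200
CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")


def cve_search_url(cve_id):
    """Build the UC2 search URL for one CVE id taken from scan output."""
    # Scan output is untrusted input: only a strict CVE id may be
    # interpolated into JQL, so it cannot add clauses or operators.
    if not CVE_ID.fullmatch(cve_id):
        raise ValueError(f"not a CVE id: {cve_id!r}")
    jql = f"issuetype = {SECURITY_ISSUETYPE} AND text ~ {cve_id}"
    # quote_via=quote encodes spaces as %20, as in the curl commands.
    query = urlencode({"fields": "key", "jql": jql}, quote_via=quote)
    return SEARCH_URL + "?" + query


def ticket_keys(body):
    """Equivalent of jq '.issues[].key' on a search response body."""
    return [issue["key"] for issue in json.loads(body).get("issues", [])]


def tickets_by_cve(cve_ids, fetch):
    """Map each CVE id to its ticket keys; fetch(url) returns a response body."""
    return {cve: ticket_keys(fetch(cve_search_url(cve))) for cve in cve_ids}


# Constructed sample responses (the ticket key is made up, not a real ticket).
SAMPLE = {
    "CVE-2022-1292": '{"total": 1, "issues": [{"id": "1", "key": "EXAMPLE-1"}]}',
    "CVE-2022-0000": '{"total": 0, "issues": []}',
}


def fake_fetch(url):
    """Offline stand-in for an HTTP GET: picks the sample by the CVE in the URL."""
    return SAMPLE[url.rsplit("%20", 1)[-1]]


if __name__ == "__main__":
    print(cve_search_url("CVE-2022-1292"))
    print(tickets_by_cve(["CVE-2022-1292", "CVE-2022-0000"], fake_fetch))
```

An empty list for a CVE means no ticket matched, which is the case the still-open "create a ticket" use case would act on.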

mrl5 added a commit that referenced this issue Sep 12, 2022
…lity tracker [#30]

UC: I want to list bug tracker security vulnerability tickets that are not fixed
mrl5 added a commit that referenced this issue Sep 13, 2022
…lity tracker [#30]

UC: I want to list bug tracker security vulnerability tickets that are not fixed
mrl5 added a commit that referenced this issue Sep 13, 2022
feat(cli): tracker - new command that prints contents of OS vulnerability tracker [#30]
mrl5 added a commit that referenced this issue Sep 13, 2022
as a funtoo linux user I'd like to know if there is already a jira
ticket for cve reported in scan result
mrl5 added a commit that referenced this issue Sep 13, 2022
feat(scan): include Funtoo bugtracker tickets for detected CVEs [#30]

mrl5 commented Sep 13, 2022

still todo:

UC: as a funtoo linux maintainer I'd like to have a tool that creates security vulnerability tickets in a standard way based on vulner scan findings
