ae486fa9af
The Security team wants to be able to mark bugs as Won't Fix or Invalid when the CVE pertains to an upstream component or driver that we do not include in StarlingX Story: 2007538 Task: 39357 Change-Id: I030f4ea0a7b9132b23796d7acf6c2650770b1d44 Signed-off-by: Saul Wold <sgw@linux.intel.com>
128 lines
2.8 KiB
Plaintext
128 lines
2.8 KiB
Plaintext
<head></head>
|
|
<body>
|
|
<h1>Security report from vuls scan from {{title}}</h1>
|
|
<h2>CVEs to fix w/o a launchpad assigned: {{cves_to_fix | length}}</h2>
|
|
<table>
|
|
{% if cves_to_fix|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_fix %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss2Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["au"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2>CVEs to fix w/ a launchpad assigend: {{cves_to_fix_lp | length}}</h2>
|
|
<table>
|
|
{% if cves_to_fix_lp|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_fix_lp %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss2Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["au"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2> CVEs to track for incoming fix: {{cves_to_track | length}}</h2>
|
|
<table>
|
|
{% if cves_to_track|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_track %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss2Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["au"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
<h2> CVEs that are Invalid or Won't Fix: {{cves_wont_fix | length}}</h2>
|
|
<table>
|
|
{% if cves_wont_fix|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_wont_fix %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss2Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["au"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
|
|
<h2> CVEs to omit: {{cves_to_omit | length}}</h2>
|
|
<table>
|
|
{% if cves_to_omit|length >= 1 %}
|
|
<tr>
|
|
{% for head in heads %}
|
|
<th>{{head}}</th>
|
|
{% endfor %}
|
|
</tr>
|
|
|
|
{% for cve in cves_to_omit %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
<td>{{cve["cvss2Score"]}}</td>
|
|
<td>{{cve["av"]}}</td>
|
|
<td>{{cve["ac"]}}</td>
|
|
<td>{{cve["au"]}}</td>
|
|
<td>{{cve["ai"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
|
|
<h2>ERROR: CVEs that have no cvss2Score or cvss2Vector:{{cves_w_errors | length}}</h2>
|
|
<table>
|
|
{% if cves_w_errors|length >= 1 %}
|
|
{% for cve in cves_w_errors %}
|
|
<tr>
|
|
<td>{{cve["id"]}}</td>
|
|
<td>{{cve["status"]}}</td>
|
|
</tr>
|
|
{% endfor %}
|
|
{% endif %}
|
|
</table>
|
|
</body>
|