-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: improve false positive issue templat (#7130)
- Loading branch information
1 parent
f51f1e9
commit 5317434
Showing
1 changed file
with
12 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,28 +6,36 @@ body: | |
| - type: markdown | ||
| attributes: | ||
| value: | | ||
| False Positive identified. | ||
| **Automation is used to process most false positives reports**; failure to follow these guidelines will delay the process: | ||
| - Only enter a **single (1) Package URL**. | ||
| - Only enter a **single (1) CPE or CVE**. | ||
| - If filing a CPE report you do not need to add the CVEs. Note that **most reports should be for incorrectly matched CPEs**. | ||
| If reporting false positives for multiple PURL and/or CPE please file multiple reports. | ||
| Thank you for filing a false positive report! | ||
| - type: input | ||
| id: purl | ||
| attributes: | ||
| label: Package URl | ||
| description: The identified package URL as identified in the HTML Report. | ||
| description: Please enter the single identified package URL as identified in the HTML Report. Only a **single PURL** can be specified, if you are reporting more then one - please open two issues using this template. | ||
| placeholder: ex. pkg:maven/org.apache.logging.log4j/[email protected] | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: cpe | ||
| attributes: | ||
| label: CPE | ||
| description: The Common Platform enumeration (CPE) as identified in the HTML Report. Please put backtic characters around the CPE to ensure it displays correctly. | ||
| description: Please enter the single Common Platform enumeration (CPE) as identified in the HTML Report. Only a **single CPE** can be specified. **Please put backtic characters around the CPE to ensure it displays correctly**. | ||
| placeholder: ex. `cpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*` | ||
| validations: | ||
| required: true | ||
| - type: input | ||
| id: cve | ||
| attributes: | ||
| label: CVE | ||
| description: The vulnerability name as identified in the HTML Report. This is optional and may not be needed as most FP reports are due to an incorrect CPE. | ||
| description: The vulnerability name as identified in the HTML Report. If specifying a CPE this is not necassary; if entered please enter only a **signle CVE**; if multiple CVE should be suppressed please enter multiple FP reports. This is optional and may not be needed as most FP reports are due to an incorrect CPE. | ||
| placeholder: ex. CVE-2021-44228 | ||
| validations: | ||
| required: false | ||
|
|
||