32 changes: 19 additions & 13 deletions README.md
Expand Up @@ -205,19 +205,25 @@ patched_versions:
inclusion in this database.

# General Contributing Guidelines
* Advisory filename prefix naming preferance is:
* 1st choice: CVE, then GHSA, then OSVDB.
* Advisory filename (without suffix) should be equal to root `url:` field value.
* Try to keep all text within 80 columns.
* Run yamlint [`yamllint` tool](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format. It find no issues.
* YAML must be indented by 2 spaces.
* Ruby YAML does not like embedded ":" characters.
* For more info:
* https://pypi.org/project/yamllint
* [HERE](https://github.com/rubysec/ruby-advisory-db/blob/master/.github/workflows/ruby.yml)
* Run `rspec spec/schema_validation_spec.rb` for aditional lint checks.
* Check all URLs for dead links. Sometimes find the URL https://web.archive.org .
* Please see the [README](README.md#schema) for more documentation on the YAML Schema.

* Advisory file name
* Preference is CVE, then GHSA, then OSVDB, in that order.
* Should be equal to root `url:` field value.
* For post-2016 advisories, use only "published" or "reserved" CVEs which are found at one of these web sites:
* https://nvd.nist.gov/vuln/search
* https://www.cve.org/CVERecord
* When present, the CVE should be used in the primary "url:", "cve:", and "related:"/"url:" fields.
* All text should be wrapped at 80 columns.
* Run [`yamllint`](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format.
* YAML must be indented by 2 spaces.
* Ruby YAML does not like embedded ":" characters.
* For more info:
* https://pypi.org/project/yamllint
* [Github Action workflow](https://github.com/rubysec/ruby-advisory-db/blob/master/.github/workflows/ruby.yml)
* Run `rspec spec/schema_validation_spec.rb` for aditional lint checks.
* Check all URLs for dead links.
* If a URL is dead, check if https://web.archive.org has a copy, and link to that.
* Please see the [README](README.md#schema) for more documentation on the YAML Schema.

## Tests
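
Review bot: The rewritten `yamllint` bullet still closes its link target with `]` instead of `)` (`.../quickstart.html]`), so the Markdown link will not render; change the final character to `)`. In the same list, "aditional" in the `rspec spec/schema_validation_spec.rb` bullet should be "additional", and "Github Action workflow" should read "GitHub". The new "Should be equal to root `url:` field value" line also drops the "(without suffix)" qualifier that the previous wording had, so it no longer says that the file suffix is excluded from the comparison; consider restoring it.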
