Add logging for packages and vulnerabilities #1007

@TG1999

A log should have:

  • action date
  • actor (importer/improver)
  • object (package/vulnerability)
  • supporting data (how object and actor are associated, source of the log, for example: URL of the advisory)
  • vulnerablecode version (version of vulnerablecode that was used at that time)

In VCIO we have these kinds of situations as of now that we want to log:

  • Importing an Advisory into VCIO - We need to log when the advisory was actually published upstream for every vulnerability and by which data source we have imported that advisory into VCIO with the source URL.
  • Package-Vulnerability relationship logs - If a package is affected by/fixing a vulnerability, we should log it on the package and vulnerability side with the date when this inference was drawn.

See related issues:

Reported by @pombredanne
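
One possible shape for the log record described in this issue, as an added sketch that is not VulnerableCode's own code. The `LogEntry` class, its field names, the helper functions, the version placeholder and every sample identifier are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

ACTORS = {"importer", "improver"}
OBJECTS = {"package", "vulnerability"}
RELATIONS = {"affected_by", "fixing"}
VERSION = "0.0.0-example"  # placeholder, not a real VulnerableCode release

def utc_now():
    return datetime.now(timezone.utc).isoformat()

@dataclass(frozen=True)
class LogEntry:  # hypothetical record; field names are assumptions
    action_date: str       # when the action ran (ISO 8601, UTC)
    actor_type: str        # "importer" or "improver"
    actor_name: str
    object_type: str       # "package" or "vulnerability"
    object_id: str
    action: str
    supporting_data: dict  # how actor and object are associated
    software_version: str = VERSION

    def __post_init__(self):
        if self.actor_type not in ACTORS or self.object_type not in OBJECTS:
            raise ValueError("unknown actor or object type")
        if not self.supporting_data.get("source_url"):
            raise ValueError("supporting_data needs a source_url")

def log_import(importer, vuln_id, published_upstream, source_url, now=None):
    # Keeps the upstream publication date separate from the import date.
    data = {"source_url": source_url, "published_upstream": published_upstream}
    return LogEntry(now or utc_now(), "importer", importer,
                    "vulnerability", vuln_id, "import", data)

def log_relation(improver, purl, vuln_id, relation, source_url, now=None):
    # One inference yields two entries: package side and vulnerability side.
    if relation not in RELATIONS:
        raise ValueError("relation must be affected_by or fixing")
    when, base = now or utc_now(), {"source_url": source_url}
    return [
        LogEntry(when, "improver", improver, "package", purl, relation,
                 {**base, "vulnerability": vuln_id}),
        LogEntry(when, "improver", improver, "vulnerability", vuln_id, relation,
                 {**base, "package": purl}),
    ]

def to_jsonl(entries):
    return "\n".join(json.dumps(asdict(e), sort_keys=True) for e in entries)
```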
