SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 18:15:42 +01:00
Code Issues Releases Activity Actions

Amend checker docs to explain why authorization for RED/AMBER advisories needs to be genuine

Browse source
This commit is contained in:
JanHoefelmeyer 2023-06-22 13:46:16 +02:00
parent 18732f26ba
commit 9967bfffe6
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/csaf_checker.md
View file

@ -52,5 +52,5 @@ see https://github.com/csaf-poc/csaf_distribution/issues/221 .
If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories should be access protected. If a provider hosts one or more advisories with a TLP level of AMBER or RED, then these advisories should be access protected.
To check these advisories, authorization can be given via custom headers or certificates. To check these advisories, authorization can be given via custom headers or certificates.
The authorization method chosen should grant access to all advisories, as otherwise the The authorization method chosen needs to grant access to all advisories, as otherwise the
checker will be unable to check all advisories and returns likely wrong output. checker will be unable to check the advisories it doesn't have permission for, falsifying the result.