From 656dea90740a0c1cbc32e020c3e7543eddb7a7a2 Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Mon, 3 Feb 2025 12:00:24 +0000 Subject: [PATCH] Symlink NVD CPE search --- docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md b/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md index 46b4e00bddd..21ff5d80761 100644 --- a/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md +++ b/docs/PACKAGE_METADATA_FOR_EXECUTABLE_FILES.md @@ -90,7 +90,7 @@ Value: a single JSON object encoded as a NUL-terminated UTF-8 string "version":"4711.0815.fc13", "architecture":"arm32", "osCpe": "cpe:2.3:o:fedoraproject:fedora:33", # A CPE name for the operating system, `CPE_NAME` from os-release is a good default - "appCpe": "cpe:2.3:a:gnu:coreutils:5.0", # A CPE name for the upstream application, check NVD + "appCpe": "cpe:2.3:a:gnu:coreutils:5.0", # A CPE name for the upstream application, use NVD CPE search "debugInfoUrl": "https://debuginfod.fedoraproject.org/" } ``` @@ -136,9 +136,11 @@ A set of well-known keys is defined here, and hopefully shared among all vendors | version | The source package version | 4711.0815.fc13 | | architecture | The binary package architecture | arm32 | | osCpe | A CPE name for the OS, typically corresponding to CPE_NAME in os-release | cpe:2.3:o:fedoraproject:fedora:33 | -| appCpe | A CPE name for the upstream Application, check NVD | cpe:2.3:a:gnu:coreutils:5.0 | +| appCpe | A CPE name for the upstream Application, as found in [NVD CPE search] | cpe:2.3:a:gnu:coreutils:5.0 | | debugInfoUrl | The debuginfod server url, if available | https://debuginfod.fedoraproject.org/ | +[NVD CPE search]: https://nvd.nist.gov/products/cpe/search + ### Displaying package notes The raw ELF section can be extracted using `objdump`: -- 2.47.3