2023年2月1日 · The CSAF documentation provides recommendations for vendors on how to distribute CSAF files. Our publishing meets the requirements of the trusted provider role as defined in the standard. All published CSAF files have an accompanying detached signature file to verify each CSAF file's authenticity as well as a file containing the hash of the ...

2022年6月17日 · Red Hat Product Security is pleased to announce that a new security metadata offering, the Common Security Advisory Framework (CSAF), is now available in beta form. CSAF 2.0 is the successor to the Common Vulnerability Reporting Framework (CVRF) version 1.2, and contains many enhancements to the information provided in each CSAF file.

As of July 10th, 2024, Red Hat Product Security publishes CSAF files for every single Red Hat Security Advisory (RHSA) and VEX files for every single CVE record that is associated with the Red Hat portfolio in any way. The Common Security Advisory Framework (CSAF) was originally published as an open standard by OASIS Open in November 2022.

2024年7月10日 · Currently, Red Hat Product Security publishes CSAF advisories for every single security advisory and VEX files for every single CVE record that is associated with the Red Hat portfolio in any way. CSAF advisories and VEX files both use the CSAF machine-readable data standard that allows vendors to assert whether specific vulnerabilities affect ...

Common Security Advisory Framework (CSAF) is a language to exchange Security Advisories. It plays a crucial role in the cybersecurity arena since it allows stakeholders to automate the creation and consumption of security vulnerability information and remediation.

Red Hat Developer 学习资源 了解如何使用红帽最新解决方案构建灵活、可扩展、安全且可靠的应用程序。 红帽培训和认证 通过实操培训，获取知识、获得认证，并保持技术领先。 Red Hat Hybrid Cloud Console 入门 使用我们托管的产品和服务，在混合云中构建、部署和优化工作负载。 使用红帽互动实验室进行学习 通过基于实际用例的、可以自己控制进度的、动手实践操作的交换式课程学习。 探索受管的 OpenShift 指南 红帽专家提供的有关帮助您充分利用集群的课程。 …

The Common Security Advisory Framework (CSAF) Version 2.0 is the definitive reference for the language which supports creation, update, and interoperable exchange of security advisories as structured information on products, vulnerabilities and the status of impact and remediation among interested parties.

CSAF files using the VEX profile are now available at https://access.redhat.com/security/data/csaf/v2/advisories/ for production use. These files contain vulnerability information for each released Red Hat security advisory.

The Red Hat Security Data API exposes a list of endpoints to query security data with certain parameters and retrieve CSAF, CVE and OVAL data easily. Chapter 1. Overview. Red Hat Product Security is committed to providing tools and security data to …

CSAF is a standard for machine-readable security advisories developed by the OASIS CSAF Technical Committee. CSAF enables individuals and organizations to successfully disclose and consume security advisories in machine-readable format. The standard also specifies the distribution and discovery of CSAF documents.