Commit a8434ee

try w/o snippets for now
1 parent 1f3e6ba commit a8434ee

1 file changed

+0
-208
lines changed

src/docs/asciidoc/index.adoc

Lines changed: 0 additions & 208 deletions
@@ -11,211 +11,3 @@ Find out more about GLVD at https://security.gardenlinux.org and https://github.
1111

1212
This document provides real HTTP requests and responses captured from API tests.
1313
The data shown is based on unit tests and may differ from production data, but the structure of requests and responses remains consistent.
14-
15-
== Triage Data
16-
17-
Triage is the process where the Garden Linux security team evaluates security vulnerabilities (CVEs) to determine their impact on Garden Linux releases.
18-
Getting Triage data is one of the main features of the GLVD API.
19-
20-
[TIP]
21-
.Understanding the 'resolved' Field
22-
====
23-
In GLVD, triage data gives extra context about a CVE for a specific Garden Linux release. For example, it can mark a CVE as a false positive or note that a fix is available upstream and will be included in a future release. Note that there may be multiple triages over time for the same CVE on the same Garden Linux version, as we go through the lifecycle of responding to the CVE.
24-
25-
The `resolved` (or `triageMarkedAsResolved`) field acts as an override. If set to `true`, it tells GLVD to treat the vulnerability as resolved, regardless of other data. If `false`, it has no effect.
26-
27-
The main field to check is `vulnerable`, which is available in the 'CVE Data' endpoints listed in this document. Its value depends on several factors, including data from the Debian Security Tracker and the `resolved` field.
28-
29-
Triages only exist for CVEs that were reported as 'vulnerable' by our upstream data sources.
30-
====
31-
32-
=== List Triages for a Garden Linux Release
33-
34-
Retrieve triaged security vulnerabilities for a Garden Linux release.
35-
36-
include::{snippets}/triagesGardenlinux/curl-request.adoc[]
37-
38-
Example response:
39-
40-
include::{snippets}/triagesGardenlinux/http-response.adoc[]
41-
42-
=== Get Triages for a CVE
43-
44-
Retrieve triage information for a specific CVE by its ID.
45-
46-
include::{snippets}/triagesCve/curl-request.adoc[]
47-
48-
Example response:
49-
50-
include::{snippets}/triagesCve/http-response.adoc[]
51-
52-
=== Get Triages for a Debian Source Package
53-
54-
Retrieve triage information for all CVEs related to a Debian source package.
55-
56-
include::{snippets}/triagesPackage/curl-request.adoc[]
57-
58-
Example response:
59-
60-
include::{snippets}/triagesPackage/http-response.adoc[]
61-
62-
=== List All Triages
63-
64-
Retrieve a list of triages regardless of the Garden Linux release.
65-
66-
include::{snippets}/triagesList/curl-request.adoc[]
67-
68-
Example response:
69-
70-
include::{snippets}/triagesList/http-response.adoc[]
71-
72-
== CVE Data
73-
74-
=== List CVEs by Distribution
75-
76-
Retrieve all CVEs for a given distribution and version:
77-
78-
include::{snippets}/getCveForDistro/curl-request.adoc[]
79-
80-
TIP: The `sortBy` and `sortOrder` query parameters are optional. If omitted, default sorting is applied.
81-
82-
Example response:
83-
84-
include::{snippets}/getCveForDistro/http-response.adoc[]
85-
86-
=== List CVEs by Image
87-
88-
Retrieve all CVEs for a given Garden Linux image and version.
89-
This applies a filter for the packages in the specified image.
90-
91-
Supported images are currently:
92-
93-
- `ali-gardener_prod`
94-
- `aws-gardener_prod`
95-
- `azure-gardener_prod`
96-
- `gcp-gardener_prod`
97-
- `openstack-gardener_prod`
98-
99-
include::{snippets}/getCveForImage/curl-request.adoc[]
100-
101-
Example response:
102-
103-
include::{snippets}/getCveForImage/http-response.adoc[]
104-
105-
=== List CVEs for Packages by Distribution
106-
107-
Retrieve all CVEs for a list of packages in a specified distribution.
108-
Package names are comma-separated (URL-encoding may be required).
109-
110-
include::{snippets}/getCveForPackages/curl-request.adoc[]
111-
112-
Example response:
113-
114-
include::{snippets}/getCveForPackages/http-response.adoc[]
115-
116-
=== List CVEs for Packages by Distribution (PUT)
117-
118-
Retrieve all CVEs for a list of packages in a specified distribution.
119-
Package names are provided in the request body as JSON.
120-
121-
include::{snippets}/getCveForPackagesPut/curl-request.adoc[]
122-
123-
Example response:
124-
125-
include::{snippets}/getCveForPackagesPut/http-response.adoc[]
126-
127-
=== Get Vulnerabilities for a Package
128-
129-
Retrieve vulnerabilities for a specific package.
130-
131-
include::{snippets}/getPackageWithVulnerabilities/curl-request.adoc[]
132-
133-
Example response:
134-
135-
include::{snippets}/getPackageWithVulnerabilities/http-response.adoc[]
136-
137-
=== Get Vulnerabilities for a Package by Version
138-
139-
Retrieve vulnerabilities for a specific package and version.
140-
141-
include::{snippets}/getPackageWithVulnerabilitiesByVersion/curl-request.adoc[]
142-
143-
Example response:
144-
145-
include::{snippets}/getPackageWithVulnerabilitiesByVersion/http-response.adoc[]
146-
147-
=== List Packages Affected by a Vulnerability
148-
149-
Retrieve a list of packages affected by a specific vulnerability.
150-
151-
include::{snippets}/getPackagesByVulnerability/curl-request.adoc[]
152-
153-
Example response:
154-
155-
include::{snippets}/getPackagesByVulnerability/http-response.adoc[]
156-
157-
=== Get CVE Details with Triage Data
158-
159-
Retrieve information about a CVE by its ID.
160-
If triage data is available for this CVE, it is included in the response.
161-
162-
include::{snippets}/getCveDetailsWithContexts/curl-request.adoc[]
163-
164-
Example response:
165-
166-
include::{snippets}/getCveDetailsWithContexts/http-response.adoc[]
167-
168-
==== Linux Kernel CVEs
169-
170-
For CVEs affecting the Linux kernel, the response structure differs.
171-
Data is sourced from upstream kernel developers for LTS kernel versions in Garden Linux.
172-
173-
NOTE: For the Linux kernel, Garden Linux always builds LTS kernels directly from the upstream source, applying both Debian patches and custom patches as needed. Therefore, CVEs reported by Debian for the kernel do not directly apply. Instead, kernel vulnerability information is sourced from upstream kernel developers, and Debian kernel CVEs are ignored in Garden Linux.
174-
175-
include::{snippets}/getCveDetailsWithContextsKernel/curl-request.adoc[]
176-
177-
Example response:
178-
179-
include::{snippets}/getCveDetailsWithContextsKernel/http-response.adoc[]
180-
181-
=== Get CVE Details for Non-Debian CVEs
182-
183-
For CVEs not present in the Debian Security Tracker, only basic information is provided.
184-
185-
include::{snippets}/getCveDetailsNonDebian/curl-request.adoc[]
186-
187-
Example response:
188-
189-
include::{snippets}/getCveDetailsNonDebian/http-response.adoc[]
190-
191-
== Garden Linux Release Data
192-
193-
=== List All Garden Linux Releases
194-
195-
Retrieve all known Garden Linux releases in GLVD.
196-
197-
include::{snippets}/getAllGardenLinuxVersions/curl-request.adoc[]
198-
199-
Example response:
200-
201-
include::{snippets}/getAllGardenLinuxVersions/http-response.adoc[]
202-
203-
=== List Packages in a Distribution
204-
205-
Retrieve a list of packages for a given distribution.
206-
207-
include::{snippets}/getPackages/curl-request.adoc[]
208-
209-
Example response:
210-
211-
include::{snippets}/getPackages/http-response.adoc[]
212-
213-
=== Get Release Notes
214-
215-
Retrieve information about fixed security vulnerabilities in a minor release of Garden Linux.
216-
217-
include::{snippets}/releaseNotes/curl-request.adoc[]
218-
219-
Example response:
220-
221-
include::{snippets}/releaseNotes/http-response.adoc[]
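
Review bot: The removed range (old lines 14-221) takes out every section heading and all explanatory prose together with the `include::{snippets}/...` directives, which goes further than the commit message "try w/o snippets for now" suggests. The TIP explaining that `resolved` / `triageMarkedAsResolved` acts as an override and that `vulnerable` is the main field to check, the NOTE that Debian kernel CVEs are ignored in favour of upstream kernel data, and the list of supported images are guidance that API consumers rely on and that does not depend on the generated snippets. The kept context line still says "This document provides real HTTP requests and responses captured from API tests", which no longer holds once nothing follows it. If the aim is only to build without the snippets, consider removing just the `include::{snippets}/...` lines, or wrapping each in `ifdef::snippets[]` ... `endif::[]`, and keeping the headings, TIP and NOTE.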
