Merge pull request #94834 from kcarmichael08/ROX-29729-remove-cve-map

kcarmichael08 · web-flow · commit 2c4cfe240818 · 2025-06-17T15:14:21.000-04:00
[ROX-29729] Remove CVE map from 4.7 scanner sources
diff --git a/modules/con-vuln-sources.adoc b/modules/con-vuln-sources.adoc
@@ -37,7 +37,6 @@ link:https://security.access.redhat.com/data/csaf/v2/vex/[Red{nbsp}Hat VEX]:: Us
 {product-title-short} might list a different number of vulnerabilities when you are scanning with a {product-title-short} version that uses OVAL, such as {product-title-short} version 4.5, and a version that uses VEX, such as version 4.6. For example, {product-title-short} no longer displays vulnerabilities with a status of "under investigation," while these vulnerabilities were included with previous versions that used OVAL data.
 +
 For more information about Red Hat security data, including information about the use of OVAL, Common Security Advisory Framework Version 2.0 (CSAF), and VEX, see link:https://www.redhat.com/en/blog/future-red-hat-security-data[The future of Red Hat security data].
-https://access.redhat.com/security/data/metrics/cvemap.xml[Red{nbsp}Hat CVE Map]:: This is used in addition with VEX data for images which appear in the link:https://catalog.redhat.com/software/containers/explore[Red{nbsp}Hat Container Catalog].
 link:https://osv.dev/[OSV]:: This is used for language-related vulnerabilities, such as Go, Java, JavaScript, Python, and Ruby. This source might provide
 vulnerability IDs other than CVE IDs for vulnerabilities, such as a GitHub Security Advisory (GHSA) ID.
 +

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,6 @@ link:https://security.access.redhat.com/data/csaf/v2/vex/[Red{nbsp}Hat VEX]:: Us`
`37`	`37`	`{product-title-short} might list a different number of vulnerabilities when you are scanning with a {product-title-short} version that uses OVAL, such as {product-title-short} version 4.5, and a version that uses VEX, such as version 4.6. For example, {product-title-short} no longer displays vulnerabilities with a status of "under investigation," while these vulnerabilities were included with previous versions that used OVAL data.`
`38`	`38`	`+`
`39`	`39`	`For more information about Red Hat security data, including information about the use of OVAL, Common Security Advisory Framework Version 2.0 (CSAF), and VEX, see link:https://www.redhat.com/en/blog/future-red-hat-security-data[The future of Red Hat security data].`
`40`		`-https://access.redhat.com/security/data/metrics/cvemap.xml[Red{nbsp}Hat CVE Map]:: This is used in addition with VEX data for images which appear in the link:https://catalog.redhat.com/software/containers/explore[Red{nbsp}Hat Container Catalog].`
`41`	`40`	`link:https://osv.dev/[OSV]:: This is used for language-related vulnerabilities, such as Go, Java, JavaScript, Python, and Ruby. This source might provide`
`42`	`41`	`vulnerability IDs other than CVE IDs for vulnerabilities, such as a GitHub Security Advisory (GHSA) ID.`
`43`	`42`	`+`