Add support for CSAF 2.0 Publisher

Signed-off-by: mrizzi <[email protected]>

Author: mrizzi

pkg/csaf/csaf.go

@@ -38,6 +38,7 @@ type DocumentMetadata struct {
 	Title      string      `json:"title"`
 	Tracking   Tracking    `json:"tracking"`
 	References []Reference `json:"references"`
+	Publisher  Publisher   `json:"publisher"`
 }
 
 // Document references holds a list of references associated with the whole document.
@@ -58,6 +59,17 @@ type Tracking struct {
 	InitialReleaseDate time.Time `json:"initial_release_date"`
 }
 
+// Publisher provides information on the publishing entity.
+//
+// https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#3218-document-property---publisher
+type Publisher struct {
+	Category         string `json:"category"`
+	ContactDetails   string `json:"contact_details"`
+	IssuingAuthority string `json:"issuing_authority"`
+	Name             string `json:"name"`
+	Namespace        string `json:"namespace"`
+}
+
 // Vulnerability contains information about a CVE and its associated threats.
 //
 // https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html#323-vulnerabilities-property

pkg/csaf/csaf_test.go

@@ -34,6 +34,13 @@ func TestOpenRHAdvisory(t *testing.T) {
 	require.Equal(t, "AppStream-8.1.0.Z.MAIN.EUS", doc.FirstProductName())
 
 	require.Equal(t, "https://bugzilla.redhat.com/show_bug.cgi?id=1794290", doc.Vulnerabilities[0].IDs[0].Text)
+
+	// Publisher
+	require.Equal(t, doc.Document.Publisher.Category, "vendor")
+	require.Equal(t, doc.Document.Publisher.ContactDetails, "https://access.redhat.com/security/team/contact/")
+	require.Equal(t, doc.Document.Publisher.IssuingAuthority, "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.")
+	require.Equal(t, doc.Document.Publisher.Name, "Red Hat Product Security")
+	require.Equal(t, doc.Document.Publisher.Namespace, "https://www.redhat.com")
 }
 
 func TestFindFirstProduct(t *testing.T) {