diff --git a/docs/03_ingestion.md b/docs/03_ingestion.md index 88a2b98..97110df 100644 --- a/docs/03_ingestion.md +++ b/docs/03_ingestion.md @@ -63,7 +63,7 @@ Contains all source packages of each supported distribution of `glvd`. What dist --- ##### Table: `debsec_cve` -This table contains the entries of the CVE list (`debsec``) of each distribution defined in the `dist_cpe` table. Each CPE product provides its own CVE list which explains what CVE exists in context of the distribution and what the status of this corresponding CVE is. In some cases, CVE might be already fixed by the distribution. In such cases, the list would contain an entry explaining that the distribution is not affected by the corresponding CVE. +This table contains the entries of the CVE list (`debsec`) of each distribution defined in the `dist_cpe` table. Each CPE product provides its own CVE list which explains what CVE exists in context of the distribution and what the status of this corresponding CVE is. In some cases, CVE might be already fixed by the distribution. In such cases, the list would contain an entry explaining that the distribution is not affected by the corresponding CVE. For Debian for example, this table contains the CVE entries from this list here: * https://salsa.debian.org/security-tracker-team/security-tracker/-/blob/master/data/CVE/list @@ -91,4 +91,4 @@ Whereas the `devsec_cve` table is the plain representation of the given CVE list |`deb_version` | The latest version of the source package (e.g `2.3.1+dfsg1-1`) | |`deb_version_fixed` | The source pacakge version in which a given CVE has been fixed (e.g `1.2.11.15-1`)| |`debsec_vulnerable` | Defines if the CVE list entry (debsec) is affected by the CVE or not (e.g `f`) | -|`data_cpe_match` | The CPE match string for the given CVE in relation to the source package (e.g `{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=389-ds-base", "deb": {"versionLatest": "2.3.1+dfsg1-1", "versionEndExcluding": "1.2.11.15-1"}, "vulnerable": false}`)| \ No newline at end of file +|`data_cpe_match` | The CPE match string for the given CVE in relation to the source package (e.g `{"criteria": "cpe:2.3:o:debian:debian_linux:12:*:*:*:*:*:*:deb_source\\=389-ds-base", "deb": {"versionLatest": "2.3.1+dfsg1-1", "versionEndExcluding": "1.2.11.15-1"}, "vulnerable": false}`)|