path: root/bin/srt
diff options
authorDavid Reyna <David.Reyna@windriver.com>2020-01-12 17:44:16 -0800
committerDavid Reyna <David.Reyna@windriver.com>2020-01-12 17:44:16 -0800
commit889781b5a04a7c9226e45161105ad4d6a95ad1e9 (patch)
tree57cdbc001a43f457ce66370fd5ae88f4d67377d1 /bin/srt
parentab29b17e353d961a0736e678794cee4931e68422 (diff)
Bug 13734 - cumulative deployment features and fixes
srtool: cumulative deployment features and fixes High level new features: * Publishing support to external/public databases * Ability to label products as "active", "inactive", "under development" Inactive (EOL) products appear but * Do not affect status propagation * Do not auto-create defects Development product status is not exported to pubic database * Extend NIST download range to 2002..2019 * Added MITRE downloads to provide RESERVED tracking * Extended audit history tracking and meta-data * Delete CVE records * Ability to do "OR" searches (default is "AND") Example: "CVE-2019-20095 OR CVE-2019-20096 OR CVE-2019-19977" * Automated defect creation (Jira) If selected, creates customer defect for selected and active products Reuse existing defect if present for given product * Many small sorting, readability, edge case fixes Backups: * Add meta-data stamp file for each backup * Save daily backups with day name instead of day number * Preserve file dates when making copies to backup * Add list command Automated Updates: * Fix report format * Add trial run test Utilities: * Add 13 new database fix up procedures Some are one-shot historical fixes, some are learned validation checks Database Schema: * Add "SRTool" class to wrap shared enumerations (e.g. Priority) * Add "Update" class to tag and track audit trail objects * Change Priority naming to match CVE model instead of JIRA * Add srt_created/srt_updated to CVE/Vul/Inv/Notify for improved updating and auditing * Add to Defect the SRT versions of Status, Priority, Outcome To distinguish these from the customer's defect system's values Common Tools: * Fix new CVE auto-scoring to skip CVE's already scored (though still NEW) * Add automated propagation of Defects/Investigations status to parent Vulnerabilities See "srtool_common.py" for rule details CVEs: * Add MITRE as an automatic upstream source This is to specifically capture all of the "RESERVED" CVE enumerations which will not appear in the MIST databases, and have the CVE records in place for internal investigations and transitions to "public" status. * Spell out the command arguments in the NIST data source files for greater legibility * Change Priority naming to match CVE instead of JIRA * Add parallel status states for "inactive" products This specifically blocks state propagation from inactive objects to active objects NIST management script: * Refactor file for greater clarity * Reorder methods to reflect workflow order * Fully spell out names of objects * Remove temporary holding class "CVE" in favor of dictionary objects * Debugging enhancements * Incremental update commands for stepped debugging For example, ability to fetch/update specific CVE(s) * Additional debugging flags [YOCTO #13734] Signed-off-by: David Reyna <David.Reyna@windriver.com>
Diffstat (limited to 'bin/srt')
1 files changed, 1 insertions, 1 deletions
diff --git a/bin/srt b/bin/srt
index ac358d43..4cff6fd9 100755
--- a/bin/srt
+++ b/bin/srt
@@ -23,7 +23,7 @@ Usage 1: bin/srt start|stop [webport=<address:port>]
Optional arguments:
[webport] Set the SRTool server port (default: localhost:8000)
[noautoupdate] Disable the auto update server
-Usage 2: bin/srt manage [createsuperuser|lsupdates|migrate|checksettings|collectstatic|...]
+Usage 2: bin/srt manage [createsuperuser|lsupdates|migrate|makemigrations|checksettings|collectstatic|...]