Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1084 commits
Select commit Hold shift + click to select a range
f4bcd59
We now check to see if the user can read the review
david-rocca May 4, 2026
ec82910
fixing some unit tests
david-rocca May 4, 2026
0e78d35
changing users and user roles should now create audit logs
david-rocca May 4, 2026
f39697c
Removing some items from the audit logs
david-rocca May 5, 2026
e34066c
Admin users can now add conversations
david-rocca May 5, 2026
cf33007
Hydration
david-rocca May 5, 2026
bbd272b
we can't have duplicate shortnames
david-rocca May 5, 2026
1c133fc
updated unit testS
david-rocca May 5, 2026
d9dd1c7
Updated openapi docs
david-rocca May 5, 2026
50a3864
Merge pull request #1797 from CVEProject/dr_various_cleanup_fixes
david-rocca May 7, 2026
97b34b4
changing contact info object
david-rocca May 7, 2026
922bce4
charter_or_scope should be a string
david-rocca May 7, 2026
bf5170b
Org admins can now see latest open review.
david-rocca May 7, 2026
68fab53
Audit will be only for secretariat
david-rocca May 7, 2026
0c7695e
org admins should have users uuids
david-rocca May 7, 2026
9687813
Also remove author_name
david-rocca May 7, 2026
81c8e96
Added more glossary definitions
david-rocca May 7, 2026
62661f1
Merge pull request #1804 from CVEProject/dr_07052026_fixes
david-rocca May 11, 2026
f2d481b
Fixed authenticate vs authorize ordering on routes in the Registry Or…
afoote-mitre May 11, 2026
6d92844
added explict integration test to make sure a secretariat can make an…
david-rocca May 12, 2026
93b068a
Merge branch 'v2.8.0_feature' of github.com:CVEProject/cve-services i…
david-rocca May 12, 2026
cf17d0f
Additional validation on conversation edits, to ensure user is author…
afoote-mitre May 12, 2026
780d475
Fixing linting errors
afoote-mitre May 12, 2026
4778497
Merge pull request #1808 from CVEProject/af-1773
david-rocca May 14, 2026
5656029
Merge pull request #1807 from CVEProject/af-1666
david-rocca May 14, 2026
7d40d7b
Merge pull request #1721 from CVEProject/v2.8.0_feature
jdaigneau5 May 14, 2026
6618b50
Bump postcss from 8.5.8 to 8.5.14
dependabot[bot] May 14, 2026
149a150
Updating version number in swagger docs
david-rocca May 14, 2026
9e77677
Actually change the version number
david-rocca May 14, 2026
b47c1e0
Merge pull request #1809 from CVEProject/dev
jdaigneau5 May 14, 2026
79262b4
updating a lot of swagger documentation
david-rocca May 19, 2026
ae85d51
Ensure that it is clear that audit is secretariat only
david-rocca May 19, 2026
b45dbb6
A few missing changes
david-rocca May 19, 2026
600043d
clean up some get user stuff
david-rocca May 19, 2026
c14e3b3
fix: update review object history with modified body on approval
david-rocca May 19, 2026
3f890f8
fixing lint issues
david-rocca May 19, 2026
0077c9b
Correcting UUID regex pattern in Base Org schema
afoote-mitre May 19, 2026
5eb5bc1
Fixing the Base Org schema in the schemas directory as well
afoote-mitre May 19, 2026
7ab49cc
Removing middleware schemas directory that was inadvertently added ba…
afoote-mitre May 19, 2026
3af4346
Admin's should not be able to post conversations to other orgs using …
david-rocca May 19, 2026
ec8ff9d
Merge pull request #1813 from CVEProject/af-1776
david-rocca May 19, 2026
c4e8748
resolve issue #1663, inconsistant calls of getAllByTargetUUID
david-rocca May 20, 2026
dbfb2dc
removed redundant stuff in models. Created unit tests to make sure th…
david-rocca May 20, 2026
0b36269
GET requests for non existent reviews now return a 200 with pendingRe…
afoote-mitre May 21, 2026
6d75e6a
Fixing automatic linting from previous commit
afoote-mitre May 21, 2026
ca5bb9c
Updated unit tests associated with GET review requests
afoote-mitre May 21, 2026
191fdad
Merge branch 'dev' into dr_documentation_updates
david-rocca May 21, 2026
d1960ed
Fixing automatic linting from previous commit again
afoote-mitre May 21, 2026
23fcd13
Merge pull request #1810 from CVEProject/dr_documentation_updates
david-rocca May 21, 2026
61bebc1
Merge branch 'dev' into dr_1699
david-rocca May 21, 2026
b6ba5c7
Merge pull request #1811 from CVEProject/dr_1699
david-rocca May 21, 2026
c098b87
Merge branch 'dev' into dr_1771
david-rocca May 21, 2026
588a76a
Merge pull request #1812 from CVEProject/dr_1771
david-rocca May 21, 2026
abc5073
Merge branch 'dev' into dr_cross_admin_conversation_bug
david-rocca May 21, 2026
3a01de6
Merge pull request #1814 from CVEProject/dr_cross_admin_conversation_bug
david-rocca May 21, 2026
5b9d5b9
Merge branch 'dev' into dr_1663
david-rocca May 21, 2026
b9a58d9
Merge pull request #1815 from CVEProject/dr_1663
david-rocca May 21, 2026
ef884cc
Merge branch 'dev' into dr_1682
david-rocca May 21, 2026
9ac3214
Merge pull request #1816 from CVEProject/dr_1682
david-rocca May 21, 2026
be6f248
Merge branch 'dev' into af-1819
david-rocca May 21, 2026
8aa91b3
Merge pull request #1820 from CVEProject/af-1819
david-rocca May 21, 2026
286741c
Fixing incorrect parsing of registry flag value in org controller mid…
afoote-mitre May 22, 2026
f981839
Prevent attempts to update a user's/org's UUID on an update request
afoote-mitre May 22, 2026
bfbdc2b
Properly handling read-after-writes in registry user controller
afoote-mitre May 22, 2026
d67ce80
Fixing linting issues from last commit
afoote-mitre May 22, 2026
7c7367a
Fix database inconsistency with account cleanup
afoote-mitre May 22, 2026
d4df615
Fixing linting issues from last commit
afoote-mitre May 22, 2026
451a5d3
Merge pull request #1821 from CVEProject/af-1667
david-rocca May 27, 2026
f9b9956
Merge branch 'dev' into af-1735
david-rocca May 27, 2026
519d232
Merge pull request #1822 from CVEProject/af-1735
david-rocca May 27, 2026
83fa1a5
Merge branch 'dev' into af-1730
david-rocca May 27, 2026
aff69a2
Merge branch 'dev' into af-1673
david-rocca May 27, 2026
7e40673
resolving 1729
david-rocca May 27, 2026
c0b4586
Merge pull request #1823 from CVEProject/af-1673
david-rocca May 27, 2026
3b099f6
Merge branch 'dev' into af-1730
david-rocca May 27, 2026
a352827
Merge pull request #1824 from CVEProject/af-1730
david-rocca May 27, 2026
656b147
Adding generate and reset_keys scripts
afoote-mitre May 28, 2026
06246ab
Fixing linting issues
afoote-mitre May 28, 2026
61a0f37
More lint fixes
afoote-mitre May 28, 2026
c6f0fca
Linting fixes
afoote-mitre May 28, 2026
766eebd
Merge branch 'dev' into dr_1729
david-rocca Jun 3, 2026
98958cc
Merge pull request #1828 from CVEProject/af-1827
david-rocca Jun 3, 2026
e386903
Bump fast-uri from 3.1.0 to 3.1.2
dependabot[bot] Jun 3, 2026
5a41746
remove some of the automagic from the program data dates
david-rocca Jun 3, 2026
883219a
move advisory scraping fields out of program_data nad require joint a…
david-rocca Jun 3, 2026
6af9389
Merge branch 'dev' into dr_1829
afoote-mitre Jun 3, 2026
329994c
Merge branch 'dev' into dr_1729
afoote-mitre Jun 3, 2026
a640c34
Merge pull request #1826 from CVEProject/dr_1729
afoote-mitre Jun 3, 2026
f34ddc9
Merge branch 'dev' into dr_1829
afoote-mitre Jun 3, 2026
c598ddf
cve_website_update_date should not have a time associated with it
david-rocca Jun 3, 2026
1fdd5bb
Merge pull request #1832 from CVEProject/dr_1829
afoote-mitre Jun 3, 2026
2dfe03d
Merge branch 'dev' into dr_1830
afoote-mitre Jun 3, 2026
3970669
Merge pull request #1833 from CVEProject/dr_1830
afoote-mitre Jun 3, 2026
90d031c
Merge branch 'dev' into dr_1831
afoote-mitre Jun 3, 2026
833844f
Merge pull request #1834 from CVEProject/dr_1831
afoote-mitre Jun 3, 2026
f6da1c0
Add expanded user map to registry org response
afoote-mitre Jun 3, 2026
d526016
Fixing lint issues
afoote-mitre Jun 3, 2026
9f7b94c
removing soft quota and renmaing hard quota to id_quota
david-rocca Jun 3, 2026
5a51f5a
linting
david-rocca Jun 3, 2026
1cfeda8
Merge branch 'dev' into dr_remove_soft_quota
david-rocca Jun 3, 2026
cffcc6a
Merge pull request #1836 from CVEProject/dr_remove_soft_quota
david-rocca Jun 3, 2026
b9fbf34
Merge pull request #1837 from CVEProject/dev
david-rocca Jun 4, 2026
bc01075
Add registry user expansion and update coverage
afoote-mitre Jun 4, 2026
0f5a173
Fix authenticated auth context UUID scoping
afoote-mitre Jun 10, 2026
4c84208
Fix registry org new_short_name authorization
afoote-mitre Jun 10, 2026
9dfdc49
Remove unused CVE ID org short name variable
afoote-mitre Jun 10, 2026
2822371
Refactor auth context UUID helpers
afoote-mitre Jun 10, 2026
28a590c
Allow partner_role_type arrays
afoote-mitre Jun 10, 2026
2c898c2
Mask registry org responses for PUT compatibility
afoote-mitre Jun 10, 2026
b7682e6
Fix registry user UUID logging
afoote-mitre Jun 10, 2026
7740dce
Fix registry user test lint assertions
afoote-mitre Jun 10, 2026
f05eca4
Fix user dual-write normalization
afoote-mitre Jun 10, 2026
6727449
Preserve registry org response schema fields
afoote-mitre Jun 10, 2026
7a572bd
Preserve underscore org response extension fields
afoote-mitre Jun 10, 2026
862ed5a
Merge pull request #1849 from CVEProject/af-1848
afoote-mitre Jun 11, 2026
edf63dc
Merge branch 'dev' into af-1846
afoote-mitre Jun 11, 2026
e882d9b
Merge branch 'dev' into af-1715
afoote-mitre Jun 11, 2026
f31ffda
test: use id_quota in registry org expand setup
afoote-mitre Jun 11, 2026
c1426d4
fix: limit registry org user UUID expansion
afoote-mitre Jun 11, 2026
85fafb8
Merge branch 'dev' into af-1840
afoote-mitre Jun 11, 2026
0d6ca7a
Merge branch 'dev' into af-1842
afoote-mitre Jun 11, 2026
4251800
Merge branch 'dev' into af-1845
afoote-mitre Jun 11, 2026
0087d6f
fix: normalize Secretariat conversation author names
afoote-mitre Jun 11, 2026
7122119
Merge pull request #1852 from CVEProject/af-1840
jdaigneau5 Jun 12, 2026
7ff2596
Merge branch 'dev' into af-1842
jdaigneau5 Jun 12, 2026
98d9c58
Log org update audit payload
afoote-mitre Jun 12, 2026
95aaba6
Merge branch 'dev' into af-1715
afoote-mitre Jun 12, 2026
5050ea7
Merge pull request #1851 from CVEProject/af-1842
jdaigneau5 Jun 12, 2026
14dc42c
Merge branch 'dev' into af-1715
afoote-mitre Jun 12, 2026
c315bea
Merge branch 'dev' into af-1853
afoote-mitre Jun 12, 2026
562defd
Merge branch 'dev' into af-1423
afoote-mitre Jun 12, 2026
4786e7d
Fix registry org payload UUIDs
afoote-mitre Jun 12, 2026
a8a6172
Fix registry user CRUD test syntax
afoote-mitre Jun 12, 2026
0143ef4
Return authority validation errors
afoote-mitre Jun 12, 2026
007f895
Merge pull request #1858 from CVEProject/af-1853
jdaigneau5 Jun 12, 2026
45f8668
Merge branch 'dev' into af-1856
afoote-mitre Jun 12, 2026
aa51806
Merge pull request #1859 from CVEProject/af-1856
jdaigneau5 Jun 12, 2026
d7eb46a
Merge branch 'dev' into af-1423
afoote-mitre Jun 12, 2026
6e94bf2
Merge branch 'dev' into af-1846
afoote-mitre Jun 12, 2026
4953d70
Merge branch 'dev' into af-1715
afoote-mitre Jun 12, 2026
4fe6ad2
Merge branch 'dev' into af-1845
afoote-mitre Jun 12, 2026
5a2cfad
Fix audit payload target UUIDs
afoote-mitre Jun 12, 2026
6380c3a
Fix generated test org quota fields
afoote-mitre Jun 15, 2026
a506ac0
Fix generated org advisory fields
afoote-mitre Jun 15, 2026
02adfde
Add optional Monday org migration flow
jdalphond-mitre Jun 16, 2026
e13de55
Merge pull request #1847 from CVEProject/af-1845
david-rocca Jun 16, 2026
90b7532
Adding private contacts from monday export.
jdalphond-mitre Jun 16, 2026
7c83671
Merge branch 'dev' into af-1715
david-rocca Jun 16, 2026
1a6cbd9
Merge branch 'dev' into jd_monday
david-rocca Jun 16, 2026
e3dcfec
Fixing artifactory links to npmjs
jdalphond-mitre Jun 16, 2026
14a640d
Merge pull request #1863 from CVEProject/jd_monday
david-rocca Jun 16, 2026
de960ad
Bump form-data from 4.0.5 to 4.0.6
dependabot[bot] Jun 16, 2026
617a976
Merge branch 'dev' into af-1715
david-rocca Jun 16, 2026
759302a
Merge pull request #1864 from CVEProject/dependabot/npm_and_yarn/form…
david-rocca Jun 16, 2026
c4bb94b
Merge branch 'dev' into af-1423
david-rocca Jun 16, 2026
6f894ea
Merge branch 'dev' into af-1846
david-rocca Jun 16, 2026
dd1125e
Merge branch 'dev' into dependabot/npm_and_yarn/fast-uri-3.1.2
david-rocca Jun 16, 2026
fc0a674
Merge pull request #1806 from CVEProject/dependabot/npm_and_yarn/fast…
david-rocca Jun 16, 2026
23b2b73
Merge branch 'dev' into dependabot/npm_and_yarn/postcss-8.5.13
david-rocca Jun 16, 2026
59f62b9
Bump qs and express
dependabot[bot] Jun 16, 2026
f460319
Fix registry org update auth error
afoote-mitre Jun 16, 2026
5347a83
Update OpenAPI server URL
afoote-mitre Jun 16, 2026
7240e34
Merge pull request #1796 from CVEProject/dependabot/npm_and_yarn/post…
david-rocca Jun 16, 2026
7427f0f
Merge branch 'dev' into dependabot/npm_and_yarn/multi-f792d6d6d9
david-rocca Jun 16, 2026
e2f9eef
Sanitize legacy org UUID responses
afoote-mitre Jun 16, 2026
9849b0b
Merge pull request #1825 from CVEProject/dependabot/npm_and_yarn/mult…
david-rocca Jun 16, 2026
6c5a768
Merge branch 'dev' into af-1846
david-rocca Jun 16, 2026
af7d98c
Return empty audit history for missing org
afoote-mitre Jun 16, 2026
151bee0
Merge pull request #1850 from CVEProject/af-1846
david-rocca Jun 16, 2026
95f8efc
Merge branch 'dev' into af-1862
afoote-mitre Jun 16, 2026
d69428c
Merge pull request #1865 from CVEProject/af-1862
david-rocca Jun 16, 2026
434ad25
Fixing partner_role_type to be an array during migration
jdalphond-mitre Jun 16, 2026
72351f1
Merge branch 'dev' into af-1715
afoote-mitre Jun 16, 2026
7bf82f8
Fix registry org get single auth context tests
afoote-mitre Jun 16, 2026
a6d0939
Merge pull request #1866 from CVEProject/jd_monday
david-rocca Jun 16, 2026
15c4385
Merge branch 'dev' into af-1715
david-rocca Jun 16, 2026
d371eb3
Merge pull request #1835 from CVEProject/af-1715
david-rocca Jun 16, 2026
986b1de
Merge branch 'dev' into af-1423
afoote-mitre Jun 16, 2026
ab82ed7
Fix registry org controller auth context test
afoote-mitre Jun 16, 2026
edcdd5b
Remove unsupported registry user membership fields
afoote-mitre Jun 16, 2026
e1418bc
Remove unused registry user update helper
afoote-mitre Jun 16, 2026
092a325
Merge pull request #1838 from CVEProject/af-1423
david-rocca Jun 16, 2026
b463177
Fixing a bug + adding a new version number
david-rocca Jun 17, 2026
a2b6860
Fixing failing test
david-rocca Jun 17, 2026
c0a06d2
Merge pull request #1867 from CVEProject/dev
david-rocca Jun 17, 2026
bb1f0bb
Fixing hung sessions
david-rocca Jun 24, 2026
2bf10f1
oversized json fix
david-rocca Jun 25, 2026
40489f5
Fixing the state of conversation middleware
david-rocca Jun 25, 2026
ef5e5e7
futureproof registry only users
david-rocca Jun 29, 2026
f55d7d8
Fixing some gt / lt searching
david-rocca Jun 29, 2026
c5b06c2
fixing wrongly named index
david-rocca Jun 30, 2026
f61d935
Merge pull request #1871 from CVEProject/dr_session_closures_fix
jdaigneau5 Jun 30, 2026
1bc8126
Merge branch 'dev' into dr_oversized_json_fix
david-rocca Jun 30, 2026
b333978
Fixing trimJSONWHITESPACE to avoiud queuing null values
david-rocca Jun 30, 2026
caa4f6f
Merge pull request #1872 from CVEProject/dr_oversized_json_fix
jdaigneau5 Jun 30, 2026
612dcee
Merge branch 'dev' into dr_conversation_route_validation_fixes
david-rocca Jun 30, 2026
0f85f10
Prevent append-audit requests without history from returning a 500
david-rocca Jun 30, 2026
449404f
validates cursor pagination limits correctly
david-rocca Jun 30, 2026
868e6c7
Merge pull request #1873 from CVEProject/dr_conversation_route_valida…
jdaigneau5 Jun 30, 2026
1306d18
Merge branch 'dev' into dr_1881
david-rocca Jun 30, 2026
a61244f
Fixes date only query filkter sanitization
david-rocca Jun 30, 2026
4fdd5f7
Import Monday updates data into private conversations as part of Mond…
cberger8 Jun 30, 2026
accabaf
Merge pull request #1887 from CVEProject/dr_1881
jdaigneau5 Jun 30, 2026
e355bb9
Merge branch 'dev' into dr_1874
jdaigneau5 Jun 30, 2026
4f4637e
Merge pull request #1888 from CVEProject/dr_1874
jdaigneau5 Jun 30, 2026
b0de1dc
Merge branch 'dev' into dr_1875
jdaigneau5 Jun 30, 2026
93842d4
Merge pull request #1889 from CVEProject/dr_1875
jdaigneau5 Jun 30, 2026
31549cf
Merge branch 'dev' into dr_1880
jdaigneau5 Jun 30, 2026
4bb974a
Hardens cve id modification against unauthenticated org short-name fa…
david-rocca Jun 30, 2026
3221933
Merge pull request #1890 from CVEProject/dr_1880
jdaigneau5 Jun 30, 2026
033c009
Merge branch 'dev' into dr_1882
jdaigneau5 Jun 30, 2026
e576e17
Merge pull request #1891 from CVEProject/dr_1882
jdaigneau5 Jun 30, 2026
e3f542e
Merge branch 'dev' into dr_1877
jdaigneau5 Jun 30, 2026
9510805
limits CVE-API-USER header length
david-rocca Jun 30, 2026
41b8b2d
Merge pull request #1892 from CVEProject/dr_1877
jdaigneau5 Jun 30, 2026
92d1d75
Merge branch 'dev' into dr_1879
jdaigneau5 Jun 30, 2026
8ba8f57
Merge pull request #1893 from CVEProject/dr_1879
jdaigneau5 Jun 30, 2026
b606bc0
Merge branch 'dev' into dr_1868
jdaigneau5 Jun 30, 2026
f153801
Merge pull request #1895 from CVEProject/dr_1868
jdaigneau5 Jun 30, 2026
ae9a42e
Merge branch 'dev' into dr_1869
jdaigneau5 Jun 30, 2026
99b21e5
hardens auth context helpers so unauthenticated requests cannot use u…
david-rocca Jun 30, 2026
cbc1b23
Merge pull request #1896 from CVEProject/dr_1869
jdaigneau5 Jun 30, 2026
d524f3b
Merge branch 'dev' into dr_1870
david-rocca Jun 30, 2026
0800b18
Merge pull request #1897 from CVEProject/dr_1870
jdaigneau5 Jul 1, 2026
2ed29e0
Updating some documentation
david-rocca Jul 1, 2026
8ef34dc
lockout cps
david-rocca Jul 1, 2026
51d76e5
Merge branch 'dev' into dr_documenation_cleanup_jul_1
david-rocca Jul 1, 2026
b88aebb
Merge pull request #1898 from CVEProject/dr_documenation_cleanup_jul_1
david-rocca Jul 1, 2026
ccbca7f
Removing cps user from tests
david-rocca Jul 1, 2026
37731a9
Incrementing to v2.8.2
afoote-mitre Jul 2, 2026
4747507
Merge branch 'dev' into dr_cps_cutoff
afoote-mitre Jul 2, 2026
da0a348
Reverting unintentional package.json change
afoote-mitre Jul 2, 2026
5f97e55
Merge branch 'dev' into dr_cps_cutoff
afoote-mitre Jul 2, 2026
c5c0525
Merge pull request #1899 from CVEProject/dr_cps_cutoff
afoote-mitre Jul 2, 2026
1284e91
Merge branch 'dev' into cb_monday_updates_migration
afoote-mitre Jul 2, 2026
28e8c77
Merge pull request #1894 from CVEProject/cb_monday_updates_migration
afoote-mitre Jul 2, 2026
fbc9be0
Merge pull request #1900 from CVEProject/dev
afoote-mitre Jul 2, 2026
35b946a
remove the ability to enumerate users
david-rocca Jul 6, 2026
9993e2d
fixing linting
david-rocca Jul 6, 2026
e400b73
fixing unit tests
david-rocca Jul 6, 2026
d45a923
Merge pull request #1905 from CVEProject/dr_403_always_on_user_get_fa…
jdaigneau5 Jul 7, 2026
4860103
Minor fixes before we deploy
david-rocca Jul 8, 2026
4d164d6
fixing tests
david-rocca Jul 8, 2026
cc27c11
Merge branch 'dev' into dr_pre_deploy_fixes
david-rocca Jul 8, 2026
dfec0aa
Increment version number
david-rocca Jul 8, 2026
c4dab97
Merge branch 'dr_pre_deploy_fixes' of github.com:CVEProject/cve-servi…
david-rocca Jul 8, 2026
4711bf8
Merge pull request #1906 from CVEProject/dr_pre_deploy_fixes
jdaigneau5 Jul 8, 2026
4474237
Merge pull request #1907 from CVEProject/dev
jdaigneau5 Jul 8, 2026
548d2e0
Merge branch 'master' into staging
david-rocca Jul 8, 2026
1dbf582
Fixing conflict
david-rocca Jul 8, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/test-http.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
- name: Sleep
run: bash -c "while ! docker compose --file docker/docker-compose.yml logs --tail=10 cveawg | grep -q 'Serving on port'; do sleep 1; done"
- name: Load Data into MongoDb
run: docker compose -f docker/docker-compose.yml exec -T cveawg npm run populate:dev y
run: docker compose -f docker/docker-compose.yml exec -T cveawg npm run populate:dev y; docker compose -f docker/docker-compose.yml exec -T cveawg npm run migrate:test-black-box
- name: Run Black Box Tests
run: |
docker compose --file test-http/docker/docker-compose.yml exec -T demon pytest src/ | tee test-http/src/testOutput.txt
Expand Down
7 changes: 7 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ yarn-debug.log*
yarn-error.log*
lerna-debug.log*

## Developer Agent stuff`
.agents/

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

Expand Down Expand Up @@ -104,3 +107,7 @@ commit-message.txt
# configuration) and provide an example instead
docker/.docker-env

**/export.xlsx
**/poc_admin_report.csv
**/~$*.xlsx
src/scripts/importDb.sh
36 changes: 36 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
*6/12/2025 NOTE: the Test environment of CVE Services now includes the release candidate “User Registry” which adds many additional features. See the details at the end of this ReadMe doc.*

# CVE-API

![CodeQL](https://github.com/CVEProject/cve-services/workflows/CodeQL/badge.svg)
Expand Down Expand Up @@ -124,6 +126,9 @@ When you start your local development server using `npm run start:dev` the speci

You can use `npm run swagger-autogen` to generate a new specification file.

### CVE Record Submission Validation Rules

As part of the submission processing, CVE Services "validates" that specific requirements are met prior to accepting the submission and posting the CVE Record to the CVE List. Validation rules for CVE Record Submission are noted [here](https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/files/CVERules.md).

### Unit Testing

Expand All @@ -137,3 +142,34 @@ In order to run the unit tests:
```sh
npm run start:test
```

### User Registry

The CVE Automation Working Group (on behalf of the CVE Program) is currently working on a new automation capability: the User Registry. The objective of the User Registry is to modernize how CVE Program Organizations (e.g., CNAs, Roots, Top level Roots, the Secretariat) manage/update their organizational properties and user pools. The new capability will ultimately allow CNAs, Roots, Top Level Roots to better manage their own data/user pools with more robust information. It is targeted to be implemented in a series of incremental deployments to CVE Services in the Fall/2025 through Summer/2026.

#### Current Status:

The release candidate for the first User Registry increment (termed the User Registry MVP) is now available for testing/review in the CVE Program Testing Environment. (Note that this release IS NOT a PRODUCTION Release and will not be visible in the CVE Program PRODUCTION environment).
This release candidate establishes a new, more robust User/Organizations databases (and associated APIs) while maintaining full backwards compatibility with the current User/Organizational management functions (meaning that current CVE Services clients will not be required to be modified with the deployment of this candidate). It was discussed at the [6/10/2025 CVE Program AWG meeting](https://github.com/CVEProject/automation-working-group/blob/master/meeting-notes/2025-06-10.md).

#### HowTo:

Credentialed users of CVE Services Test Environment will be able to use the new capabilities via the API endpoints which are described [here](https://cveawg-test.mitre.org/api-docs/) (Be sure to scroll down to the bottom of the page to review the new User Registry interfaces).

Credentialed users can access the APIs by

- installing/using common web application API testing tools such as [curl](https://curl.se/) or [postman](https://www.postman.com/) OR

- installing/using the [User Registry Client](https://github.com/CVEProject/cve-user-registry-client) which provides a GUI interface to exercise the basic functions of the User Registry.

Note that there is no support for these new endpoints in many currently available CVE Services “client” tools (e.g, Vulnogram) and hence they should not be relied upon to examine/test these interfaces.

#### Next Steps:

The AWG is taking comments/questions on this release candidate. You can provide feedback in three ways:

- Send comments/questions to AWG+owner@CVE-CWE-Programs.groups.io,

- Post Issues/Questions to the CVE Services Issue Board (please attach a “user registry” label to your post).

- Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00 PM Eastern US Time. Send a request for the link to AWG+owner@CVE-CWE-Programs.groups.io.
Loading
Loading