
Add CVE backport reachability gates #2590

Open

Errordog2 wants to merge 1 commit into UnitOneAI:main from Errordog2:improve/cve-backport-runtime-reachability

Conversation

@Errordog2


Summary

  • add fix provenance inputs for upstream fixed versions, vendor backports, VEX/workaround decisions, and runtime evidence
  • require backport proof through vendor advisory, package changelog/security tracker, installed build ID, and scanner source awareness
  • add runtime loaded-path and reachability confidence evidence before downgrading severity as not affected or not reachable

Addresses #2501.

Validation

  • git diff --check
  • Markdown fence balance check
  • targeted marker check for backport proof, runtime reachability, loaded library path, reachability confidence, output evidence tables, and v1.0.1
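The gates described in the summary above, as an added example that is not part of this pull request or the UnitOneAI project: a small evidence-gated decision function that refuses to downgrade a scanner finding unless backport proof (vendor advisory, changelog or security tracker entry, installed build ID, scanner source awareness) is complete, and unless a VEX "not affected" or "not reachable" claim is backed by loaded-path and reachability-confidence evidence. The record layout, field names, the 0.8 confidence threshold and the sample findings are all assumptions made for this example, not values from the PR.

```python
"""Evidence-gated CVE severity decision (hypothetical example, not the PR's code)."""
from dataclasses import dataclass, field
from typing import Optional
import re

REACHABILITY_THRESHOLD = 0.8  # assumed cut-off for trusting a "not reachable" verdict


@dataclass
class BackportProof:
    """Evidence that a vendor really shipped the fix in a backported build."""
    vendor_advisory: Optional[str] = None       # advisory that names the backport
    changelog_or_tracker: Optional[str] = None  # package changelog / security tracker entry
    installed_build_id: Optional[str] = None    # build ID observed on the host
    scanner_source_aware: bool = False          # scanner matched vendor branch, not upstream

    def missing(self) -> list[str]:
        gaps = []
        if not self.vendor_advisory:
            gaps.append("vendor advisory")
        if not self.changelog_or_tracker:
            gaps.append("changelog/security tracker")
        if not self.installed_build_id:
            gaps.append("installed build ID")
        if not self.scanner_source_aware:
            gaps.append("scanner source awareness")
        return gaps


@dataclass
class RuntimeEvidence:
    """What was actually observed at runtime on the host."""
    loaded_library_path: Optional[str] = None          # None = no loaded-path evidence collected
    vulnerable_symbol_reachable: Optional[bool] = None  # None = no reachability analysis run
    reachability_confidence: float = 0.0                # confidence in the verdict, 0..1

    def supports_not_reachable(self) -> bool:
        return (self.loaded_library_path is not None
                and self.vulnerable_symbol_reachable is False
                and self.reachability_confidence >= REACHABILITY_THRESHOLD)


@dataclass
class Finding:
    cve: str
    package: str
    installed_version: str
    scanner_severity: str
    upstream_fixed_version: Optional[str] = None
    vendor_claims_backport: bool = False
    backport: BackportProof = field(default_factory=BackportProof)
    vex_status: Optional[str] = None  # e.g. "not_affected", "not_reachable"
    runtime: RuntimeEvidence = field(default_factory=RuntimeEvidence)


def _vtuple(version: str) -> tuple:
    # Simplified numeric comparison; real distro version ordering is richer than this.
    return tuple(int(x) for x in re.findall(r"\d+", version))


def decide(f: Finding) -> tuple[str, str]:
    """Return (status, reason). Status is the scanner severity unless a gate is passed."""
    # Gate 0: installed version already carries the upstream fix.
    if f.upstream_fixed_version and _vtuple(f.installed_version) >= _vtuple(f.upstream_fixed_version):
        return "fixed_upstream", f"installed {f.installed_version} >= upstream fix {f.upstream_fixed_version}"
    # Gate 1: a vendor backport claim needs full proof before it counts as fixed.
    if f.vendor_claims_backport:
        gaps = f.backport.missing()
        if gaps:
            return f.scanner_severity, "backport unproven; missing: " + ", ".join(gaps)
        return "fixed_by_backport", f"backport proven for build {f.backport.installed_build_id}"
    # Gate 2: VEX not-affected / not-reachable needs runtime evidence to downgrade.
    if f.vex_status in ("not_affected", "not_reachable"):
        if f.runtime.supports_not_reachable():
            return f.vex_status, (f"{f.runtime.loaded_library_path} loaded, symbol unreachable "
                                  f"(confidence {f.runtime.reachability_confidence:.2f})")
        return f.scanner_severity, f"VEX {f.vex_status} lacks loaded-path/reachability evidence"
    return f.scanner_severity, "no fix provenance; scanner severity stands"


# Constructed sample findings; CVE id and paths are placeholders.
SAMPLE_FINDINGS = [
    Finding("CVE-YYYY-NNNNN", "libexample", "1.2.1-5", "HIGH",
            upstream_fixed_version="1.2.3", vendor_claims_backport=True),
    Finding("CVE-YYYY-NNNNN", "libexample", "1.2.1-5", "HIGH",
            upstream_fixed_version="1.2.3", vex_status="not_affected",
            runtime=RuntimeEvidence("/usr/lib/libexample.so.1", False, 0.92)),
]

if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(finding.package, finding.installed_version, "->", decide(finding))
```

The point of the split into `missing()` and `supports_not_reachable()` is that every refusal to downgrade names the evidence that is absent, so the output doubles as the evidence table the PR summary asks for.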
