
WOLFICTL-ADVISORY-CREATE(1) WOLFICTL-ADVISORY-CREATE(1)

NAME

wolfictl-advisory-create - Create a new advisory

SYNOPSIS

wolfictl advisory create [flags]

DESCRIPTION

Create a new advisory.

Use this command to create a new advisory, i.e. when the given package/vulnerability combination doesn't already exist in the advisories repo. If the package/vulnerability combination already exists, use the "update" command instead.

This command will prompt for all required fields, and will attempt to fill in as many optional fields as possible. You can abort the advisory creation at any point in the prompt by pressing Ctrl+C.

You can specify required values on the command line using the flags relevant to the advisory you are creating. If not all required values are provided on the command line, the command will prompt for the missing values.

If the --no-prompt flag is specified, then the command will fail if any required fields are missing.

It's possible to create advisories for multiple packages and/or vulnerabilities at once by using a comma-separated list of package names and vulnerabilities. This is available for both the CLI flags and the interactive prompt fields.

When performing a bulk operation (i.e. on multiple advisories at once), if an advisory already has an event of the same type as the one being added, that advisory will be skipped, and a warning will be logged. This is to prevent adding redundant events to advisories that already have the same type of event.

This command also performs a follow-up operation to discover aliases for the newly created advisory and any other advisories for the same package.
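
The following pre-flight wrapper is an added example, not part of wolfictl or its documentation. It shows a --no-prompt invocation with comma-separated packages and vulnerabilities, and checks the inputs against the flag values listed under OPTIONS before a job runs. The function name advisory_create_cmd and the sample package, CVE and version values are constructed; treating package, vulnerability and type as the required values, and requiring --fp-type for false-positive-determination, are assumptions.

```sh
#!/bin/sh
# Added example (not from the wolfictl project): pre-flight check for a
# non-interactive "wolfictl advisory create" run. Sample values are constructed.

EVENT_TYPES="detection true-positive-determination fixed false-positive-determination analysis-not-planned fix-not-planned pending-upstream-fix"

# advisory_create_cmd TYPE PACKAGES VULNS [DETAIL]
# Prints the command line on stdout, or fails with a message on stderr.
# DETAIL is the --fixed-version value for "fixed" and the --fp-type value for
# "false-positive-determination" (requiring --fp-type there is an assumption).
# The body is a subshell: variables stay local and "exit" only leaves the function.
advisory_create_cmd() (
  event="$1"; pkgs="$2"; vulns="$3"; detail="${4:-}"
  # Allowlist characters so the printed line is safe to paste into a CI job.
  case "$event$pkgs$vulns$detail" in
    *[!A-Za-z0-9._,+-]*) echo "unexpected character in arguments" >&2; exit 1 ;;
  esac
  case " $EVENT_TYPES " in
    *" $event "*) ;;
    *) echo "unknown event type: $event" >&2; exit 1 ;;
  esac
  # With --no-prompt nothing is asked interactively, so catch gaps up front.
  if [ -z "$pkgs" ] || [ -z "$vulns" ]; then
    echo "package and vulnerability lists must not be empty" >&2; exit 1
  fi
  extra=""
  case "$event" in
    fixed)
      [ -n "$detail" ] || { echo "'fixed' needs --fixed-version" >&2; exit 1; }
      extra=" --fixed-version=$detail" ;;
    false-positive-determination)
      [ -n "$detail" ] || { echo "false positive needs --fp-type" >&2; exit 1; }
      extra=" --fp-type=$detail" ;;
  esac
  printf 'wolfictl advisory create --no-prompt -p %s -V %s -t %s%s\n' \
    "$pkgs" "$vulns" "$event" "$extra"
)

# Constructed bulk case: one "fixed" event for two packages and two vulnerabilities.
advisory_create_cmd fixed "pkg-a,pkg-b" "CVE-0000-0001,CVE-0000-0002" "1.2.3-r1"
```

In a bulk run like this one, advisories that already carry an event of the same type are skipped with a warning, so the log is the place to confirm which package/vulnerability pairs were actually written.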

OPTIONS

-a, --advisories-repo-dir=""
directory containing the advisories repository

--arch=[x86_64,aarch64]
package architectures to find published versions for

-d, --distro-repo-dir=""
directory containing the distro repository

--fixed-version=""
package version where fix was applied (used only for 'fixed' event type)

--fp-type=""
type of false positive [vulnerability-record-analysis-contested, component-vulnerability-mismatch, vulnerable-code-version-not-used, vulnerable-code-not-included-in-package, vulnerable-code-not-in-execution-path, vulnerable-code-cannot-be-controlled-by-adversary, inline-mitigations-exist]

-h, --help[=false]
help for create

--no-distro-detection[=false]
do not attempt to auto-detect the distro

--no-prompt[=false]
do not prompt the user for input

--note=""
prose explanation to attach to the event data (can be used with any event type)

-p, --package=[]
package names

-r, --package-repo-url=""
URL of the APK package repository

--timestamp="now"
timestamp of the event (RFC3339 format)

-t, --type=""
type of event [detection, true-positive-determination, fixed, false-positive-determination, analysis-not-planned, fix-not-planned, pending-upstream-fix]

-V, --vuln=[]
vulnerability IDs for advisory

OPTIONS INHERITED FROM PARENT COMMANDS

--log-level="WARN"
log level (e.g. debug, info, warn, error)

SEE ALSO

wolfictl-advisory(1)

Auto generated by spf13/cobra