From 88040b96b588ac42e44aa217526e61fa0099ef82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Prpi=C4=8D?= Date: Thu, 29 Aug 2024 15:30:29 -0400 Subject: [PATCH 1/2] Update to new security data domain --- docs/purl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/purl.md b/docs/purl.md index 52263aa..de4f218 100644 --- a/docs/purl.md +++ b/docs/purl.md @@ -71,7 +71,7 @@ The repository ID is a unique value that identifies an RPM repository from where ID of the repository is the same and the other attributes of the RPM match, such packages even though sourced from varying URLs can be considered the same for the purposes of simple identification. Given a repository ID, you can resolve it to a URL using your chosen base URL and a relative path of that repository that exists in the -[repository-to-cpe.json mapping file](https://access.redhat.com/security/data/meta/v1/repository-to-cpe.json). This +[repository-to-cpe.json mapping file](https://security.access.redhat.com/data/meta/v1/repository-to-cpe.json). This file maps repository IDs to both relative URL paths and CPE IDs that represent product versions in all of Red Hat's security data files. From b9a21e18947353da4a7924a1450740d33492b407 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Prpi=C4=8D?= Date: Thu, 29 Aug 2024 15:31:29 -0400 Subject: [PATCH 2/2] Add ref to GA VEX blog --- docs/purl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/purl.md b/docs/purl.md index de4f218..7bbaf88 100644 --- a/docs/purl.md +++ b/docs/purl.md @@ -7,7 +7,7 @@ different contexts and ecosystems. Red Hat uses purl to identify software components in our [CSAF](https://www.redhat.com/en/blog/csaf-vex-documents-now-generally-available) advisory and -[VEX](https://www.redhat.com/en/blog/vulnerability-exploitability-exchange-vex-beta-files-now-available) files as +[VEX](https://www.redhat.com/en/blog/red-hat-vex-files-cves-are-now-generally-available) files as well as our [SBOM](https://www.redhat.com/en/blog/future-red-hat-security-data?channel=/en/blog/channel/security) files. We will continue expanding our use of purl across additional security-related metadata files and software solutions in the