diff --git a/PULL-EXAMPLE.md b/PULL-EXAMPLE.md index 172e60a..542cad4 100644 --- a/PULL-EXAMPLE.md +++ b/PULL-EXAMPLE.md @@ -1,23 +1,23 @@ -# Pull Request Example # +# Pull Request Example# Thank you for contributing to CISA's Log4j-affected-db GitHub Repository! Please -follow the steps listed below in order to add a product to the public -repository. **Note:** To assure the accuracy of data please only include -products that have official advisories or alerts that verify the product's -vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), -[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), -[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), +follow the steps listed below in order to add a product to the public +repository. **Note:** To assure the accuracy of data please only include +products that have official advisories or alerts that verify the product's +vulnerability status to [CVE-2021-4104](https://nvd.nist.gov/vuln/detail/cve-2021-4104), +[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228), +[CVE-2021-45046](https://nvd.nist.gov/vuln/detail/CVE-2021-45046), and/or [CVE-2021-45105](https://nvd.nist.gov/vuln/detail/CVE-2021-45105?s=09). **Step 1:** Go to the cisagov data .yml files and choose the appropriate file to -include your updates (example link). The files are separated alphabetically -based on the first letter of the vendor name. For example, 'CISA' would be +include your updates (example link). The files are separated alphabetically +based on the first letter of the vendor name. For example, 'CISA' would be located in [`cisagov_C.yml`](https://github.com/cisagov/data/cisagov_C.yml). **Step 2:** Click the file edit button. **Step 3:** Add the blank template to the **.yml** file for new entries and fill -it out with the correct data. +it out with the correct data. Blank template: @@ -53,19 +53,19 @@ Blank template: last_updated: '' ``` -**Step 4:** Verify the new entry was entered before and/or after the prior and +**Step 4:** Verify the new entry was entered before and/or after the prior and next entries. -- If you are adding it to the beginning of the file, ensure you are pasting +- If you are adding it to the beginning of the file, ensure you are pasting it after `software:` and before the next entry starting with `- vendor:`. -- If you are adding it to the end of the file, ensure the entry ends before +- If you are adding it to the end of the file, ensure the entry ends before the file is closed out with `...`. **Step 5:** When you add content to the file, remove the `''` or `[]` for fields which are replaced with values (strings `''` or lists `[]` should be replaced as -shown in the example below, with list values on the following line(s) starting -with hyphen(s) `-`). The symbols should only remain used when fields remain -empty. For example, `fixed_versions: []` in our example below remains as is, +shown in the example below, with list values on the following line(s) starting +with hyphen(s) `-`). The symbols should only remain used when fields remain +empty. For example, `fixed_versions: []` in our example below remains as is, given there are no patched versions available for this entry. **Note:** not all fields have to be updated. @@ -108,7 +108,7 @@ Entry example: last_updated: '2021-12-14T00:00:00' ``` -**Step 6:** Validate that your data follows the appropriate format and proceed -with submitting the pull request. +**Step 6:** Validate that your data follows the appropriate format and proceed +with submitting the pull request. For any additional questions feel free to [submit an Issue request](https://github.com/cisagov/log4j-affected-db/issues).