Table of Contents generated with DocToc
Small Python project that generates a CVE 5.x JSON record from an <tracker> tracking issue, ready to paste into the Vulnogram #source tab of the ASF CVE tool.
The behavioural contract and the security-process context live in SKILL.md. This README covers the local-setup and test workflow for the project itself.
From the framework's root (this repository when running standalone; the .apache-steward/apache-steward/ submodule path inside an adopting tracker repo):
uv run --project tools/vulnogram/generate-cve-json generate-cve-json <ISSUE-NUMBER> [options]
Skill files reference the same invocation via the <framework> placeholder so the path resolves in either context:
uv run --project <framework>/tools/vulnogram/generate-cve-json generate-cve-json <ISSUE-NUMBER>
<framework> substitutes to .apache-steward/apache-steward in adopting projects and to . (the repository root) in framework standalone — see the placeholder convention in AGENTS.md.
Equivalent forms:
# as a module uv run --project <framework>/tools/vulnogram/generate-cve-json python -m generate_cve_json <ISSUE-NUMBER> # from inside the project dir cd <framework>/tools/vulnogram/generate-cve-json uv run generate-cve-json <ISSUE-NUMBER>
Flags are documented in generate-cve-json --help and in SKILL.md.
cd tools/vulnogram/generate-cve-json uv run --group dev pytest
cd tools/vulnogram/generate-cve-json uv run --group dev ruff check src tests uv run --group dev ruff format --check src tests uv run --group dev mypy
The prek hooks configured in .pre-commit-config.yaml at the repository root run ruff check, ruff format --check, and mypy on the project files automatically on every commit that touches them.