CSAF2MD is a tool that converts CSAF v2.0 JSON files into human-readable Markdown documents.
Follow these steps to set up the CSAF2MD tool:
-
Open a terminal or command prompt
-
Navigate to the csaf2md directory in this repository
-
(Optional but Recommended) Activate a Virtual Environment to isolate dependencies.
- Create the virtual environment.
python -m venv .venv- Activate the virtual environment.
- On Windows:
.\.venv\Scripts\activate- On macOS/Linux:
source .venv/bin/activate -
Install the tool's requirements.
pip install -r requirements.txt
- By default, CSAF2MD prevents the use of discouraged or prohibited CWEs. To allow these CWEs, set the BLOCK_BAD_CWES flag to FALSE in lib/env.py.
- Place all CSAF JSON files to convert in the input directory.
- Run the script: csaf2md.py.
- The resulting markdown advisory files are located in the "output" directory.
- If any conversion fails, the tool generates csaf_fail_list.txt listing the files that could not be converted in the current run of the script, including all generated errors.
- Any optional field considered standard for CISA's advisories but optional to Oasis-Open's standard are given the INSERT_ tag in the resulting markdown file if not found in the CSAF.
This tool checks CSAF contents against many of CISA's minimum advisory requirements and generates error messages when applicable. This tool should be used in tandem with CSAF validators that check strictly against the Oasis-Open CSAF standard.