The first version of this component is under active development.
Currently, our editorial process starts with either a submission to our Airtable form or an issue created in GitHub. We then follow a manual four-step process:
1. An Editor maps the inputs to a Report data model, then publishes it as a JSON file for review.
2. The Editor checks and edits the report as needed, assigns taxonomy categories, then moves it to the database as reports/20XX/AVID-20XX-RXXXX.json.
3. The Editor converts the report to a new vuln or merges it with an existing vuln, then saves it in the database as vulnerabilities/20XX/AVID-20XX-VXXX.json.
4. The Webmaster renders new reports and vulns to markdown files in the website source.
We plan to make this less manual over the next few months by building an editorial UI and creating the integrations needed for developers to push reports to AVID easily, with more complete information upfront. Decision logs for each report will be recorded in GitHub for openness and transparency.