Merge pull request #77 from RedHatProductSecurity/scanning-vendor-guidance

Formatting errors

Author: oaubrey

docs/csaf-vex.md

@@ -528,7 +528,7 @@ Our other full product ID `7Server-7.4.AUS:kernel-0:3.10.0-693.112.1.el7.src` ca
 The `remediations` object provides additional information about the previously identified product status. The following
 remediations status are available per `product_status` category:
 
-* `fixed`
+`fixed`
 
   * `vendor_fix`: For all the product IDs with a fixed product status there will be a corresponding entry
     in the remediations object that correlates each full product ID to the correct RHSAs. The RHSA can be determined by
@@ -538,7 +538,7 @@ remediations status are available per `product_status` category:
   * `workaround`: If a mitigation exists, it applies to all components regardless of their fix state.
       * `details`: The mitigation statement
 
-* `known_affected`
+`known_affected`
 
   * `no_fix_planned`: Will include any product IDs with the known affected product status that will not be fixed by Red
   Hat, either because it is out of support scope or the engineering team has decided not to fix it for other reasons.
@@ -549,10 +549,10 @@ remediations status are available per `product_status` category:
   * `workaround`: If a mitigation exists, it applies to all components regardless of their fix state.
       * `details`: The mitigation statement
 
-* `known_not_affected`: There are no remediation objects for the known not affected status since it is implicitly
+`known_not_affected`: There are no remediation objects for the known not affected status since it is implicitly
 assumed that no remediation is needed if the product and component are not affected.
 
-* `under_investigation`: There are no remediation objects for the under investigation status since it is implicitly
+`under_investigation`: There are no remediation objects for the under investigation status since it is implicitly
 assumed that no remediation exist while still under investigation.
 
 Note: As with the `product_status` object, there may not be a `remediations` entry for every category. Additionally,

docs/scanning-vendors.md

@@ -68,13 +68,14 @@ pkg:rpm/redhat/libgcc@11.3.1-4.3.el9?arch=x86_64
 ```
 
 #### SRPMs
-Additionally, SRPMs can be discovered from a binary RPM by using the following command from within the container image.  
- ```
+Additionally, SRPMs can be discovered from a binary RPM by using the following command from within the container image.
+
+```
 # Example return of SRPM query
-$ r libgcc  
+$ rpm -q --qf '%{SOURCERPM}\n' libgcc  
                     
 gcc-11.3.1-4.3.el9.src.rpm
- ```
+```
 
 The gcc source component can be represented using the following purl.
 ```
@@ -711,21 +712,21 @@ Many scanning vendors face similar challenges when reading and parsing Red Hat's
 has already been asked, you can review the list of questions asked [here](https://issues.redhat.com/browse/SECDATA-862?filter=12444038).
 
 ### Python and VENV 
-https://issues.redhat.com/browse/SECDATA-831
+[https://issues.redhat.com/browse/SECDATA-831](https://issues.redhat.com/browse/SECDATA-831)
 
 ### Repository Relative URLs 
-https://issues.redhat.com/browse/SECDATA-1089
-https://issues.redhat.com/browse/SECDATA-797
-https://issues.redhat.com/browse/SECDATA-1020
+[https://issues.redhat.com/browse/SECDATA-1089](https://issues.redhat.com/browse/SECDATA-1089)
+[https://issues.redhat.com/browse/SECDATA-797](https://issues.redhat.com/browse/SECDATA-797)
+[https://issues.redhat.com/browse/SECDATA-1020](https://issues.redhat.com/browse/SECDATA-1020)
 
 ### Empty Content Sets
-https://issues.redhat.com/browse/SECDATA-966
+[https://issues.redhat.com/browse/SECDATA-966](https://issues.redhat.com/browse/SECDATA-966)
 
 ### Differences in OVAL and VEX CPEs
-https://issues.redhat.com/browse/SECDATA-1141
+[https://issues.redhat.com/browse/SECDATA-1141](https://issues.redhat.com/browse/SECDATA-1141)
 
 ### Duplicate RHSAs
-https://issues.redhat.com/browse/SECDATA-969
+[https://issues.redhat.com/browse/SECDATA-969](https://issues.redhat.com/browse/SECDATA-969)
 
 ## Additional Questions or Concerns 
 Red Hat is committed to continually improving our security data; any future changes to the data itself or the format of