RAD Advisory Creation WORKFLOW Loose-Ends

[jasnow]

RAD Advisory Creation WORKFLOW Loose-Ends

• AUTOMATED or PRE-CHECK
  • Redo PR#1079 (Add title and description lline length check) (UPDATE: PR#1135)
  • Check for more automated field checks.
  • Future of kwalify gem (Keep for now)
• MANUAL STEPS
  • Add non-GHSA cvss fields/values from https://nvd.nist.gov/vuln .
  • Add more references to support all the data. Suggest adding project-related evidence as references to prove the patch, such as Rubygem link, CHANGELOGs, Release Notes, project blog posts.
    • Good example: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/excon/CVE-2026-54171.yml
  • Check for dead URLs. (mostly for legacy advisories) (all URLs on new internal created advisories are checked).

NOTE: Expect to keep current for now.

[jasnow]

Should we add ML for PR reviews?

• https://simianwords.bearblog.dev/you-should-use-ai-for-reviewing-code-especially-when-the-diff-is-huge/

[jasnow]

FYI: Advisories are getting longer description field with more sections.
Probably need to flag ## Details section etc just like POC.