Common Security Advisory Framework (CSAF) Verification, Validation, and Application Programming Interface (API).

In this project the attempt is made, to provide API and tools to support the CSAF communities from a single repository in the easy to prototype python language.

If, and when this endeavor succeeds, other languages can easily derive form the approach (as long as these offer similar capabilties to keep the effort in check).

Note: CSAF predecessor CVRF versions 1.1 and 1.2 are out of scope.

license Country of Origin Export Classification Control Number (ECCN) Configuration

Version Downloads Python Maintenance Status

Bug Tracker

Any feature requests or bug reports shall go to the todos of csaf.

Primary Source repository

The main source of csaf is on a mountain in central Switzerland. We use distributed version control (git). There is no central hub. Every clone can become a new source for the benefit of all. The preferred public clone of csaf is:

  • at sourcehut - a collection of tools useful for software development.


Please do not submit "pull requests" (I found no way to disable that "feature" on GitHub). If you like to share small changes under the repositories license please kindly do so by sending a patchset. You can either send such a patchset per email using git send-email or if you are a sourcehut user by selecting "Prepare a patchset" on the summary page of your fork at sourcehut.


Please kindly submit issues at https://todo.sr.ht/~sthagen/csaf or write plain text email to ~sthagen/[email protected] to submit patches and request support. Thanks.


In alphabetical order:

  • Anthony Harrison
  • Jacco Ligthart