Install: claude install-skill apache/airflow-steward
# generate-cve-json
This skill produces a CVE 5.x JSON document from a tracking issue in
[`<tracker>`](https://github.com/<tracker>), ready to
paste into the Vulnogram **"#source"** tab of the ASF CVE tool. The goal is
to eliminate the manual "copy each field from the issue into the right
Vulnogram form input" step when you are preparing to publish an advisory.

> **Project-agnostic by design.** All project-specific values
> (vendor, top-level product / package name, project display map,
> CNA org id, generator tag, …) are loaded from a TOML config the
> adopting project ships at `<project-config>/tools/vulnogram/cve-json-config.toml`.
> Concrete `apache-foo-project-*` strings appearing in this
> document are **illustrative examples** of how a project with a
> project-style package layout would configure things; replace
> them mentally with the adopter's own package taxonomy. The
> schema is documented in the package [README](README.md).

**Golden rule:** the script generates a *proposal* JSON document. It
parses a handful of structured fields from the issue body, but it cannot
read the security team member's mind. Always review the generated JSON
before pasting, and always do the final review inside Vulnogram before
moving the CVE from DRAFT → REVIEW → READY → PUBLIC.
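A sketch of that parse-and-propose step, added here as an example and not the skill's own script: the `### Heading` issue layout, the `CONFIG` keys and the function names are hypothetical, and only the CVE 5.x field names are real. It refuses to guess when a field is missing, and it serialises with sorted keys so repeated runs on the same issue body give byte-identical output that is easy to diff during review.

```python
import json
import re

# Hypothetical stand-in for values the adopter's TOML config would supply.
CONFIG = {"vendor": "Example Foundation", "product": "apache-foo-project",
          "cna_org_id": "00000000-0000-4000-8000-000000000000"}

# Constructed issue body; the "### Heading" field layout is an assumption.
ISSUE_BODY = (
    "### CVE ID\nCVE-0000-0000\n\n"
    "### Title\nExample: improper input validation in widget endpoint\n\n"
    "### Description\nConstructed description text for illustration.\n\n"
    "### Affected versions\n< 1.2.3\n"
)
REQUIRED = ("cve id", "title", "description", "affected versions")

def parse_fields(body):
    """Map each '### Heading' (lower-cased) to the stripped text beneath it."""
    parts = re.split(r"^###[ \t]+(.+?)[ \t]*$", body, flags=re.M)
    return {h.lower(): t.strip() for h, t in zip(parts[1::2], parts[2::2])}

def build_record(body, cfg=CONFIG):
    f = parse_fields(body)
    missing = [k for k in REQUIRED if not f.get(k)]
    if missing:  # refuse to guess: a human has to complete the issue first
        raise ValueError(f"issue body lacks fields: {missing}")
    m = re.fullmatch(r"<\s*(\S+)", f["affected versions"])
    if not m:
        raise ValueError("this sketch only handles '< X' version ranges")
    org = cfg["cna_org_id"]
    return {
        "dataType": "CVE_RECORD", "dataVersion": "5.1",
        "cveMetadata": {"cveId": f["cve id"], "assignerOrgId": org,
                        "state": "PUBLISHED"},
        "containers": {"cna": {
            "providerMetadata": {"orgId": org},
            "title": f["title"],
            "descriptions": [{"lang": "en", "value": f["description"]}],
            "affected": [{"vendor": cfg["vendor"], "product": cfg["product"],
                          "versions": [{"version": "0", "lessThan": m.group(1),
                                        "versionType": "semver",
                                        "status": "affected"}]}],
        }},
    }

def render(body):
    """Sorted keys, fixed indent, trailing newline: same input, same bytes."""
    text = json.dumps(build_record(body), sort_keys=True, indent=2,
                      ensure_ascii=False)
    return (text + "\n").encode("utf-8")
```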

**Determinism:** the same input issue body produces exactly the same JSON
bytes on every run. The script uses only the Python standard library, has
no timestamps or machine-dependent values in its output, sor