MysticalMount changed the title from "ODC to support NVD CVE offline cache in RAW JSON format, rather than v1 feed format" to "ODC to support NVD CVE API v2 offline cache in RAW JSON format, rather than v1 feed format" on Dec 3, 2024
It supports the schema within the files - but it does not support loading individual vulnerabilities from files like the provided example. In order to update the database we would have to process every single file to know if it had been updated. Many users simply utilize https://cveb.in or create their own mirror using the docker image documented here.
Apparently my comment was incorrect. I thought there had been reports of people successfully using cveb.in - the file format is different and may appear to work, but it does not.
While newer versions seem to be able to support using v2 of the NVD CVE API, its performance is unreliable. I can see there is the Open-Vulnerability-Project and vulnz, which can create a cached copy of the data from the v2 API in the cached format of the v1 API.
However, all of these options require quite a bit of engineering for us to integrate.
I have encountered this GitHub repository:
https://github.com/vulsio/vuls-data-raw-nvd-api-cve
This is a mirror of every single JSON file the V2 API can provide, sorted by year. This is much easier to integrate.
I'm not sure if it already exists, but if we have data in a similar structure to this Git repository, i.e. the V2 API data in RAW JSON format, can OWASP Dependency Checker support this offline format?
The data conversion between the two will cause us quite a bit of engineering effort, and probably many others too.