Closed jeffpaul closed 1 year ago
In looking into the vuln data feed options, the Scanner Feed might contain what we're most in need of here but the Production Feed might contain some items we might be interested in surfacing within the CLI output (e.g., Severity, link for CVE details). One nicety here is that there's no auth layer, so the config should just be defining wordfence
as the VULN_API_PROVIDER
and no additional VULN_API_TOKEN
or similar auth method needed.
Noting that we should credit/prop the following in any eventual PR/release of this:
Is your enhancement related to a problem? Please describe.
With the announcement from Wordfence about their free Wordfence Intelligence tool, we should look to get that added into this project as a vuln API provider.
Designs
n/a
Describe alternatives you've considered
n/a
Code of Conduct