10up / wpcli-vulnerability-scanner

WP-CLI command for checking installed plugins and themes for vulnerabilities reported on wpvulndb.com
MIT License

Add Wordfence Intelligence as API provider #76

Closed jeffpaul closed 1 year ago

jeffpaul commented 1 year ago

Is your enhancement related to a problem? Please describe.

With the announcement from Wordfence about their free Wordfence Intelligence tool, we should look to get that added into this project as a vuln API provider.

Designs

n/a

Describe alternatives you've considered

n/a

jeffpaul commented 1 year ago

In looking into the vuln data feed options, the Scanner Feed might contain what we're most in need of here, but the Production Feed might contain some items we might be interested in surfacing within the CLI output (e.g., Severity, link for CVE details). One nicety here is that there's no auth layer, so the config should just be defining wordfence as the VULN_API_PROVIDER, with no additional VULN_API_TOKEN or similar auth method needed.

jeffpaul commented 1 year ago

Noting that we should credit/prop the following in any eventual PR/release of this: