-
## Description
Our CI/CD pipeline is configured to block if any `critical` vulnerabilities are detected in the container. The GHA Job Summary for one of our containers reported a critical vulnerab…
-
CVE project supports enhancing the record as an Authorized Data Publisher (ADP). The benefit of this approach is that the enhancement data can be supplied in a consistent CVE 5.0 schema as `adpContain…
-
**Describe the bug**
When using the Gradle plugin, configured to pull data from the NVD datafeed or a custom datafeed location, the ODC H2 database is not populated. This causes the "dataExists" che…
-
We've had to disable NVE checks in the CI build due to https://github.com/jeremylong/DependencyCheck/issues/6149 (which itself is due to a change in the servers run by NVD database servers).
In any…
-
The SBOM Forum (an informal group) has reached out to the NVD team and the results are a bit worrying. We may want to discuss future management of this core database.
-
I execute dependency-check in cmd
```
dependency-check
--nvdApiKey "########-####-####-####-############"
--scan "D:\\###\scanlib"
--out "D:\\###\report"
--format "JSON"
```
The following situat…
-
protobuf.js version: 6.11.4
This version is still being listed as vulnerable to [CVE-2023-36665](https://nvd.nist.gov/vuln/detail/CVE-2023-36665)
I understand we should patch to 7.x but we are n…
-
**See existing card #431.**
These two cards should be merged?
### Tasks
- [x] Add `OWASP_NVD_API_KEY` secret to the GitHub builds to speed up DependencyCheck CVE updates.
- [ ] Review the GH action lo…
-
### Description
Dependency `golang.org/x/net` needs to be upgraded to at least v0.7.0 to handle the following CVEs
https://avd.aquasec.com/nvd/cve-2023-39325
https://avd.aquasec.com/nvd/cve-2022-…
-
### Description
I am using the `NVD_API_TOKEN` environment variable to provide nvd-clojure with my NVD API key, and it does not work. Using the Clojure Tools method, I should have either expected t…