HASecuritySolutions / VulnWhisperer

Create actionable data from your Vulnerability Scans
https://twitter.com/VulnWhisperer
Apache License 2.0
1.35k stars 271 forks

Project Status #233

Open grandmasterv opened 2 years ago

grandmasterv commented 2 years ago

It looks like this project has not been worked on for a while. I was wondering what the status of it was. Any specific reasons work stopped on it? Did the licensing changes at Elasticsearch have anything to do with it? Maybe there is a possibility to switch to using OpenSearch instead if that is the case.

I'm starting to build a vulnerability management program at a large university and VulnWhisperer is looking very interesting. I'm wondering if the core maintainers would be willing to hand it over to someone else at this point since it seems abandoned.

qmontal commented 2 years ago

Hey @grandmasterv,

The project is currently halted/abandoned indeed. The reason for this was that we needed a major refactor in order to make the project truly modular, with both input and output sources; the way it is currently implemented, every module implements all of its own stuff, with no vulnerability standard for the data.

Due to the amount of refactoring that had to be done, it was easier to start from scratch, taking the parts of the code that were useful and learning from the challenges we had, and this is currently being developed at King as an internal project. I am no longer at that company, so hopefully the code of the new project is shared publicly eventually; it's something that is intended, but hasn't happened yet.

In order to keep working with VulnWhisperer as it is, you should get in contact with @austin-taylor or @SMAPPER; they should be able to work it out with you.

BR

grandmasterv commented 2 years ago

Thanks for taking the time to provide that info @qmontal, it is very helpful. Perhaps one of the maintainers can post a brief update to the README file stating the status of the project.

SMAPPER commented 2 years ago

I'm not sure I'm ready to abandon the project just yet. Yes, it hasn't been updated in a while. However, we still use it internally. Please hold; if we don't make a change in the next month or two, we can mark this as abandoned. I'll put an update on the README.

mplattner commented 2 years ago

I'd really like to see this project being updated and maintained further :)

If not, are you aware of any suitable alternatives? @qmontal said a rewrite is being done at "King". What's that?

redy01 commented 2 years ago

Hi, it looks like the "recent" version is not usable with recent Elastic/Kibana versions. Are there any future plans to continue this project?

sebdooris commented 1 year ago

Would love to hear some positive news on this project; it's exactly what our non-profit needs to pull together Nessus data. Tried to get it running a few times with no luck.

grandmasterv commented 1 year ago

@SMAPPER, since there has not been any activity on this project for about 5 months since you said you would look at it, can you now mark it as abandoned or recruit some maintainers who can help take this on?