Add CWE support in all importers

aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

https://public.vulnerablecode.io

Apache License 2.0

522 stars 190 forks source link

Add CWE support in all importers #1093

Open pombredanne opened 1 year ago

pombredanne commented 1 year ago

https://github.com/nexB/vulnerablecode/pull/782 added support for the NVD importer, but other importers have this information too and should be enhanced to report it.

ziadhany commented 1 year ago

Plan to add CWE support in all importers:

[x] nvd
[x] gitlab
[x] pysec
[x] pypa
[x] github
[x] redhat
[ ] openssl
[ ] debian
[ ] mozilla
[ ] npm
[ ] postgresql
[ ] archlinux
[ ] ubuntu
[ ] debian_oval
[ ] nginx
[ ] retiredotnet
[ ] alpine_linux
[ ] apache_httpd
[ ] gentoo
[ ] istio
[ ] project_kb_msr2019,
[ ] suse_scores
[ ] elixir_security
[ ] apache_tomcat
[ ] xen
[ ] ubuntu_usn
[ ] fireeye
[ ] apache_kafka

ambuj-1211 commented 1 month ago

@ziadhany The following importers didn't have cwe data at the location from where their advisory data is extracted: openssl Mozilla npm PostgreSQL archlinux ubuntu debian_oval nginx: present on cve mitre API retiredotnet alpine_linux gentoo istio project_kb_msr_2019 suse_score elixer_security apache_tomcat xen ubuntu_usn apache_kafka nginx These importers either don't have the cwe data or the cwe data is accessible from nvd or cve.org apis.