Open pombredanne opened 1 year ago
Plan to add CWE support in all importers:
@ziadhany The following importers didn't have cwe data at the location from where their advisory data is extracted: openssl Mozilla npm PostgreSQL archlinux ubuntu debian_oval nginx: present on cve mitre API retiredotnet alpine_linux gentoo istio project_kb_msr_2019 suse_score elixer_security apache_tomcat xen ubuntu_usn apache_kafka nginx These importers either don't have the cwe data or the cwe data is accessible from nvd or cve.org apis.
https://github.com/nexB/vulnerablecode/pull/782 added support for the NVD importer, but other importers have this information too and should be enhanced to report it.