aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0
518 stars 190 forks

Add CSAF importer #1122

Open tschmidtb51 opened 1 year ago

tschmidtb51 commented 1 year ago

As it was mentioned in several issues already (#1100, #1079), it might be beneficial to add a "generic" CSAF importer. This would help to ingest all CSAF advisories. It is also (beta) supported by RedHat.

pombredanne commented 1 year ago

@tschmidtb51 This would be super awesome! The funny thing is that when I received the notification about this feature request, I did not notice that it was from you, and I was about to ping you and @sthagen on this issue :]

You wrote:

> It is also (beta) supported by RedHat.

Do you have a pointer to where we can fetch the data?

tschmidtb51 commented 1 year ago

> Do you have a pointer to where we can fetch the data?

The entry point would be: https://www.redhat.com/.well-known/csaf/provider-metadata.json