Open pombredanne opened 1 day ago
The RSS feed is mostly the same as the JSON data https://k8s.io/docs/reference/issues-security/official-cve-feed/feed.xml
@cji since you are helping with k8s security issues handling, would you know if there is a plan to provide a structured feed, rather than the current text feed?
@andrewpollock @di you may know too?
I did a quick Google search and happened upon https://github.com/kubernetes-sigs/cve-feed-osv (which makes me wonder why we haven't got OSV.dev importing it, but it is the first I knew of it) @oliverchang FYI
@andrewpollock Thanks! This is awesome. BUT this is also out of date and at least two vulnerabilities behind CVE-2024-9486 and CVE-2024-9594 as of today:
There is a mostly unstructured JSON feed and web page at:
This is managed by https://github.com/kubernetes/committee-security-response/blob/main/README.md#product-security-committee-psc but is mostly unusable as-is and demands complex parsing or manual handling.
Of interest, advisories like this https://groups.google.com/g/kubernetes-announce/c/ufYd_aq4Y20/m/V3LKIffxCAAJ do not point to a package proper, but to a family of container images built with a specific tool version.