Collect vulnerabilities and package references from cve-search (and/or via4cve)

aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

https://public.vulnerablecode.io

Apache License 2.0

543 stars 201 forks source link

Collect vulnerabilities and package references from cve-search (and/or via4cve) #9

Open pombredanne opened 7 years ago

pombredanne commented 7 years ago

At first the goal is to collect data exposed by the API of https://cve.circl.lu/ There is also a dump for via4 data available at https://www.cve-search.org/feeds/via4.json Longer term, we should setup our own instance of cve-search instead of using the public site API.

sbs2001 commented 4 years ago

Will we be exposing our cve-search at same end point(proposed to be removed by https://github.com/nexB/vulnerablecode/pull/177) ? This actually needs a lot more discussion as in future we will be adding graphql based api and remove/keep the rest API.