adoptium / temurin-vdr-generator

Scripts for generating Vulnerability Disclosure Reports

VDR Enhancements #16

Open Scanteianu opened 3 months ago

Scanteianu commented 3 months ago

see comments

Scanteianu commented 3 months ago

add new source for CVEs - reference original OJVG page

Scanteianu commented 3 months ago

use credentials when querying NIST to prevent throttling

Scanteianu commented 3 months ago

translate version number into URI for temurin release

Scanteianu commented 3 months ago

figure out why affects only works some of the time

Scanteianu commented 3 months ago

add rating from OJVG as well

Scanteianu commented 3 months ago

see if versions can take a range - use semantic versioning - anything affecting major.minor is assumed to also impact all earlier versions of that major version
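One way to encode the range rule proposed in that comment, as an added example (not code from temurin-vdr-generator). It assumes dotted numeric version strings such as `17.0.8`, optionally with a `+build` suffix that is ignored, and applies the rule that a CVE listed against `major.minor(.patch)` also affects every earlier release in the same major line; a candidate is compared only to the precision the CVE gives, so `11.0` covers all of `11.0.x`. The CVE identifier and release list below are constructed placeholders.

```python
"""Semantic-version range matching for CVE-to-release mapping.

Added example, not part of the project. Rule implemented: a version listed as
affected (e.g. "17.0.8") is assumed to also affect all earlier releases of the
same major line (17.0.7, 17.0.0, ...), but never a different major version and
never a later release in the same line.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse "17.0.8" or "17.0.8+7" into (17, 0, 8); build metadata is dropped."""
    core = text.strip().split("+", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, n: int) -> Version:
    """Right-pad with zeros so "17" compares as "17.0.0" when needed."""
    return v + (0,) * (n - len(v))


def is_affected(candidate: str, affected_versions: List[str]) -> bool:
    """True if `candidate` falls under any listed affected version.

    Comparison precision is taken from the affected entry: "11.0" matches every
    11.0.x release, while "17.0.8" matches 17.0.0 .. 17.0.8 but not 17.0.9.
    """
    cand = parse_version(candidate)
    for entry in affected_versions:
        aff = parse_version(entry)
        if aff[0] != cand[0]:
            continue  # different major line: rule does not cross majors
        n = len(aff)
        if _pad(cand, n)[:n] <= aff:
            return True
    return False


def affected_releases(releases: List[str], cve: Dict[str, object]) -> List[str]:
    """Return the subset of `releases` that the CVE record is assumed to affect."""
    affects = cve["affects"]
    assert isinstance(affects, list)
    return [r for r in releases if is_affected(r, affects)]


# Constructed sample data (placeholder CVE id, not a real record).
SAMPLE_RELEASES = ["11.0.19", "11.0.20", "11.0.21", "17.0.7", "17.0.8+7", "17.0.9", "21.0.0"]
SAMPLE_CVE = {"id": "CVE-XXXX-PLACEHOLDER", "affects": ["17.0.8", "11.0.20"]}

if __name__ == "__main__":
    for release in affected_releases(SAMPLE_RELEASES, SAMPLE_CVE):
        print(f"{SAMPLE_CVE['id']} assumed to affect Temurin {release}")
```

The precision rule is the part worth reviewing when adopting this: it is deliberately conservative (over-reporting earlier patch releases rather than missing them), which matches the "assumed to also impact all earlier versions" wording above.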

Scanteianu commented 3 months ago

@netomi thinks we might be able to use https://hub.docker.com/r/owasp/dependency-check to avoid having to download from NVD entirely

here is an example how it could be used from an action: https://github.com/dependency-check/DependencyCheck_Builder

netomi commented 3 months ago

actually the correct image should be https://hub.docker.com/r/owasp/dependency-check-action that is updated daily with the latest CVE data.

Scanteianu commented 2 weeks ago

see if versions can take a range - use semantic versioning - anything affecting major.minor is assumed to also impact all earlier versions of that major version

Converted this to a new issue: #50