Open Scanteianu opened 3 months ago
add new source for CVEs - reference original OJVG page
use credentials when querying NIST to prevent throttling
translate version number into URI for Temurin release
figure out why affects only works some of the time
add rating from OJVG as well
see if versions can take a range - use semantic versioning - anything affecting major.minor is assumed to also impact all earlier versions of that major version
@netomi thinks we might be able to use https://hub.docker.com/r/owasp/dependency-check to avoid having to download from NVD entirely
Here is an example of how it could be used from an action: https://github.com/dependency-check/DependencyCheck_Builder
Actually, the correct image should be https://hub.docker.com/r/owasp/dependency-check-action, which is updated daily with the latest CVE data.
see if versions can take a range - use semantic versioning - anything affecting major.minor is assumed to also impact all earlier versions of that major version
converted this to a new issue. #50
see comments