search

anchore / vunnel

Tool for collecting vulnerability data from various sources (used to build the grype database)
Apache License 2.0
69 stars 25 forks source link

Epss provider prototype #634

Open nurmi opened 1 month ago

nurmi commented 1 month ago

some initial work on a prototype EPSS vunnel provider, which produces records like:

sqlite> select * from results limit 1;
id|record
cve-1999-0001|{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/epss/schema-1.0.0.json","identifier":"cve-1999-0001","item":{"cve":"CVE-1999-0001","epss":"0.00383","percentile":"0.73278","date":"2024-07-18"}}

using daily published CSV bundles from EPSS.