ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy
0 stars 0 forks source link

Evaluate and hopefully adopt Vulndb #1580

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hopefully this https://github.com/vulndb
can be a replacement for this: 
https://code.google.com/p/zaproxy/source/browse/trunk/src/lang/vulnerabilities.x
ml

Original issue reported on code.google.com by psii...@gmail.com on 27 Mar 2015 at 1:45

GoogleCodeExporter commented 9 years ago
If we do adopt this then ideally the Java code to access it should be in a 
separate project so that others can reuse it :)

Original comment by psii...@gmail.com on 27 Mar 2015 at 1:50

GoogleCodeExporter commented 9 years ago
Sure, the ideal case would be to have:
 * vulndb with the JSON files
 * java-sdk which is thin Java layer to allow access to the JSON files (without even knowing that it's json)

Original comment by andres.riancho@gmail.com on 27 Mar 2015 at 1:53

GoogleCodeExporter commented 9 years ago
I'm good with that!
As stated on twitter - very happy for you to use any of our resources that you 
can.
We use Crowdin for translations, which is where the all of the translations in 
here come from: https://code.google.com/p/zaproxy/source/browse/trunk/src/lang/

Original comment by psii...@gmail.com on 27 Mar 2015 at 1:56

GoogleCodeExporter commented 9 years ago
Please note we also have a "vulnerabilities.db" that is bundled with, and used 
by the "Insecure Component" scanner. This maps (primarily) from web-server 
software version information back to CVE ids and CVSS ratings.

Original comment by colm.p.o...@gmail.com on 30 Mar 2015 at 11:55

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to github

This issue will be on github issues with the same ID: 
https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:18