Closed ElectricNroff closed 1 month ago
@ElectricNroff During the migration to ADP production yesterday, the sync to the Vulnrichment GitHub repo was disabled. These records had been enriched and written out to disk after the last Vulnrichment repo sync prior to shutdown. They were included in the bulk load of data to ADP. After the sync was re-enabled, the next time it ran it picked up these records and sync'ed them to the Vulnrichment repo.
While that should not be a common occurrence, it is the case that the repo only updates hourly, but ADP is updated in realtime, so it will be possible to see data faster in ADP, but anything that is in ADP should also be in the repo, with some potential delay.
Like what @jwoytek-cisa said -- there will always be a little delay between the two, and right this moment, the delay is longer than usual, but going forward, it should be pretty one-to-one, per the flowchart:
If you happen to notice a ton of lag, please do report it, since it means there's a bug!
I am not sure whether it is intentional that a CISA ADP container may be present in CVE Services production even though it is not present in the cisagov/vulnrichment repo. For example, if someone has a use case today for discovering all CISA ADP containers as soon as possible, should they be able to look only in cisagov/vulnrichment or is there a requirement that they also explore CVE Services data (through https://github.com/CVEProject/cvelistV5 or some other approach)?
examples:
https://github.com/CVEProject/cvelistV5/blob/a4d237cd57242f1c1a537ea9c778a0792457491e/cves/2024/28xxx/CVE-2024-28996.json#L182-L185 versus https://github.com/cisagov/vulnrichment/tree/3a926686c711572123b1d07749c09677c9afbb63/2024/28xxx
https://github.com/CVEProject/cvelistV5/blob/a4d237cd57242f1c1a537ea9c778a0792457491e/cves/2024/5xxx/CVE-2024-5485.json#L133-L136 versus https://github.com/cisagov/vulnrichment/tree/3a926686c711572123b1d07749c09677c9afbb63/2024/5xxx