search

cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal
406 stars 29 forks source link

Clarify a sentence in the README #6

Closed joshbressers closed 1 month ago

joshbressers commented 2 months ago

This sentence in the README is confusing

Producers and consumers of this CVE data should already be familiar with the current JSON format, and can access this data in the normal ways, including the GitHub API.

Is the intent of the GitHub API link to suggest using Git to download the data, or is there some other API access you have in mind?

todb-cisa commented 2 months ago

Just a suggestion -- basically, "however you normally take and process data sets from a GitHub repo, just do that."

This is a temporary consumer situation, though, as the README goes on to say, "[t]his project is expected to evolve quickly over the next several weeks." My hope is that the ADP gears start turning soon-ish, and all this ADP will get reabsorbed back up into the main CVE corpus. But, the important part is just getting the data out there, and giving people a chance to mess around with it, find bugs, do the normal open-source thing.

todb-cisa commented 1 month ago

I don't think there's anything to do here right now -- once ADP is fired up and going, we can update the README to talk more about ADP, but that's still a little ways off. Re-open if you have a better suggestion!