Acording to NVD timeline, usage of JSON feeds for CVEDataset and CPEDataset will be deprecated in September 2023.
The newly preferred workflow is described at: https://nvd.nist.gov/developers/api-workflows. We should implement a new way of constructing both CVEDataset and CPEDataset accordingly. In the following text, I refer to CVEs, yet same treatment is needed for CPEs. Namely, we should:
Initially download a feed of all CVEs from NVD (once we have API key)
On every on of the pipeline, we should fetch that feed locally, load the time when the feed was obtained and use API to update the feed based on lastModStartDate parameter.
From such constructed feed, the CVEDataset object can be built
settings.yaml should have a place for API key initially set to None. If the key is None, the feed will not be downladed. Instead, whole CVEDataset will get fetched from our web where we'll cache it for our users.
The compressed CVEDataset has 13MB as of 0.1.3
The instance of sec-certs running on seccerts.org should compress the built CVE dataset and expose it to the users through some URL.
Since we start involving API keys management, the tool should revamp settings to allow for environment variables.
Acording to NVD timeline, usage of JSON feeds for
CVEDataset
andCPEDataset
will be deprecated in September 2023.The newly preferred workflow is described at: https://nvd.nist.gov/developers/api-workflows. We should implement a new way of constructing both
CVEDataset
andCPEDataset
accordingly. In the following text, I refer to CVEs, yet same treatment is needed for CPEs. Namely, we should:lastModStartDate
parameter.CVEDataset
object can be builtsettings.yaml
should have a place for API key initially set toNone
. If the key isNone
, the feed will not be downladed. Instead, wholeCVEDataset
will get fetched from our web where we'll cache it for our users.0.1.3
sec-certs
running on seccerts.org should compress the built CVE dataset and expose it to the users through some URL.