Open adulau opened 1 year ago
Work in progress on that (branch framework
):
/vulnerability/{vulnerability_id}
- Reason: will support any ID, from NVD or notMaybe starting with a new importer like the GSD source GSD-database would be a good example of a second ID and also how to map the existing CVE with the GSD source too.
New extensions
Some of the UI is implemented (search/list recent entries). Now let's discuss the system to create a new vulnerability.
This is the form to report an advisory via github:
Should it be similar to that? What is the minimal viable set of settings we want in the form?
Then, how to we identify the advisory before it is assigned a CVE? And do we do that? If yes, one way is to do something similar to github with something like that: GHSA-c647-pxm2-c52w
As found by @adulau , we should use this interface for edit/submit: https://github.com/Vulnogram/Vulnogram
And push it to vulnerability-lookup instead of CVE for the ones created by our constituants
Open question regarding CVEList: it is more or less a duplicate of the NVD database, and it is not really possible to treat it as a new source. For now, it will be imported as a meta for the CVE entries.
Potential new source to add - https://www.variotdbs.pl/vulns/
@Rafiot https://github.com/cve-search/vulnerability-lookup/issues/42 that would be an interesting candidate but it's using the ADP extension of CVE. Not exactly sure the best way to do it.
vulnerability-lookup project
vulnerability-lookup is a cve-search rewrite to support the following functionalities. This project will be a new software project under the cve-search organisation.
Functionalities
Core
/api/cve/
and/browse/
.Import