Open Rafiot opened 6 months ago
Notes for CSAF importer:
provider-metadata.json
there is no obvious way to tell the downloader "only get new stuff since last time you ran" the hacky solution is (initial import):
provider-metadata.json
last_updated
key last_updates
hashcsaf_downloader
& wait for a long timeThen, for updates:
last_updates
hashSome additional CSAF sources
The instrumentation is there -> https://oasis-open.github.io/csaf-documentation/tools.html which comes with a downloader: https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.md
One sample source is there: https://wid.cert-bund.de/.well-known/csaf/provider-metadata.json
So the goal will be to fetch from a provider, store them locally and add an importer in vuln lookup.