enifsieus / vulndb

Ingesting and modeling tools for NVD (Vulnerabilities and Products) and OSV
Apache License 2.0

PURL Lookup Prototype #2

Closed enifsieus closed 1 year ago

enifsieus commented 1 year ago

Prototype of a PURL lookup command. The command supports both versioned and unversioned lookups, and returns information on associated vulnerabilities. For an unversioned PURL, all known vulnerabilities are returned. For a versioned PURL, the set of vulnerabilities affecting that version is returned.

Matching is only performed against OSV entries. Applying CPE matches from the NVD dataset is to be implemented.

Version comparisons are done using the univers versions library. This prototype is limited to python ecosystem queries, but univers supports a wide range, and is cited in the draft specification for PURL version ranges as an embodiment of the functionality needed to cover the range specification.
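The following is an added illustration of the lookup semantics described in this PR, written for this page; it is not code from the vulndb repository. It parses a `pkg:pypi/...` PURL by hand, evaluates OSV `affected` entries (explicit `versions` lists and `ECOSYSTEM` ranges with `introduced` / `fixed` / `last_affected` events) against the requested version, and returns matching advisory IDs. The OSV entries, package names and `EXAMPLE-*` identifiers are constructed sample data, not real advisories. The prototype uses univers for version comparison; since that library is not assumed to be installed here, `version_key` below is a deliberately small stand-in that orders dotted release segments and a bare pre-release suffix (e.g. `2.3.0rc1 < 2.3.0`), nothing more.

```python
"""Added example: unversioned and versioned PURL lookup against OSV-style data."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample OSV-style records (not real advisories, not real packages).
OSV_ENTRIES: List[Dict] = [
    {"id": "EXAMPLE-0001",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "widgetlib"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "2.3.0"}]}]}]},
    {"id": "EXAMPLE-0002",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "widgetlib"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "1.4.0"},
                                          {"last_affected": "1.9.2"}]}]}]},
    {"id": "EXAMPLE-0003",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "gadget-lib"},
                   "versions": ["0.9.0", "0.9.1"]}]},
]

# Only the pypi type is handled, mirroring the prototype's python-only scope.
_PURL_RE = re.compile(r"^pkg:pypi/([^@?#]+)(?:@([^?#]+))?")
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def normalize_name(name: str) -> str:
    """PEP 503 name normalization: runs of -, _ and . collapse to -, lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pypi_purl(purl: str) -> Tuple[str, Optional[str]]:
    """Return (normalized name, version or None) for a pkg:pypi PURL."""
    m = _PURL_RE.match(purl)
    if not m:
        raise ValueError(f"unsupported or malformed PURL: {purl!r}")
    return normalize_name(m.group(1)), m.group(2)


def version_key(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Stand-in comparator (assumption: not univers). Trailing zeros in the
    release are dropped so 2.3 == 2.3.0; a non-empty suffix (rc1, a2, ...)
    sorts before the bare release, as a pre-release would."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    suffix = m.group(2)
    return tuple(release), (1 if suffix == "" else 0), suffix


def in_ecosystem_range(version: str, events: List[Dict[str, str]]) -> bool:
    """Walk the range events in version order and track the affected state."""
    v = version_key(version)
    ordered = sorted(((k, b) for e in events for k, b in e.items()),
                     key=lambda kb: version_key(kb[1]))
    affected = False
    for kind, bound in ordered:
        b = version_key(bound)
        if kind == "introduced" and v >= b:
            affected = True
        elif kind == "fixed" and v >= b:
            affected = False
        elif kind == "last_affected" and v > b:
            affected = False
    return affected


def affected_matches(entry: Dict, name: str, version: Optional[str]) -> bool:
    """One OSV 'affected' object vs. the requested package (and version, if any)."""
    pkg = entry.get("package", {})
    if pkg.get("ecosystem") != "PyPI" or normalize_name(pkg.get("name", "")) != name:
        return False
    if version is None:              # unversioned lookup: package match is enough
        return True
    if version in entry.get("versions", []):
        return True
    return any(r.get("type") == "ECOSYSTEM" and in_ecosystem_range(version, r["events"])
               for r in entry.get("ranges", []))


def lookup(purl: str, entries: List[Dict] = OSV_ENTRIES) -> List[str]:
    """Advisory IDs affecting the PURL; all known IDs when no version is given."""
    name, version = parse_pypi_purl(purl)
    return [e["id"] for e in entries
            if any(affected_matches(a, name, version) for a in e.get("affected", []))]


if __name__ == "__main__":
    for q in ("pkg:pypi/widgetlib", "pkg:pypi/widgetlib@1.9.2",
              "pkg:pypi/WidgetLib@2.3.0", "pkg:pypi/gadget_lib@0.9.1"):
        print(q, "->", lookup(q))
```

Two details worth checking in any real implementation: name normalization must be applied to both the PURL and the OSV record (`gadget_lib` and `gadget-lib` are the same PyPI project), and `last_affected` is inclusive while `fixed` is exclusive, so the pre-release `2.3.0rc1` is still reported against a range fixed in `2.3.0`.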