Closed terriko closed 1 year ago
A note because it came up in gitter: This project is loosely reserved for a paid contributor to be selected through the GSoC 2022 process. (open to anyone over 18 who's willing to put in either 175 or 350 hours of paid work through the program). If you wish to work on this, please apply through that program when it opens on March 7.
Discussion and ideas are fine, but pull requests with actual code are discouraged because we don't want to interfere with applicants who might want to do this idea. There's 100 other issues available, please feel free to solve ones not flagged for gsoc participants!
Done as part of GSoC 2022, thanks @XDRAGON2002 !
@terriko Couldn't have done it without your help! Thanks!
CVE Binary Tool was originally intended to work with compiled languages and binary files, but we've expanded to do known component lists in a few different formats. Recently, @anthonyharrison improved our support for .jar files by reading the meta data from those files, and @BreadGenie has earlier work to support listings from Linux package repositories. We'd like to see about doing that for other popular package repository ruby gems, npm, improving our python support, etc.
This project will probably involve doing a few things:
{vendor, product}
pairs (see #1504)Some languages/package managers of potential interest:
A 175hr project could choose 2-3 package list types to support and work on that. For a 350hr project, I'd definitely want to see some plan for a mapping database/data structure with the following:
Hours
175 or 350, scaled depending on how many package types you intend to tackle and whether you want to add the mapping database
Difficulty level
Recommended skills