search

rht-labs / labs-ci-cd

👻UNMAINTAINED - A collection of Red Hat Open Innovation Labs CI/CD components
Apache License 2.0
101 stars 70 forks source link

Add Proxy repo to Nexus for NIST CVE data to be used with OWASP Dependency Check #194

Closed InfoSec812 closed 6 years ago

InfoSec812 commented 6 years ago

Configure post step for Nexus to add a Raw Proxy for the NIST CVE database files to be used with OWASP Dependency Check.

More details available at: https://jeremylong.github.io/DependencyCheck/data/mirrornvd.html

The URLs to be mirrored would be:

Type Property Comment URL
cve url12Modified URL for the modified CVE 1.2. https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz
cve url20Modified URL for the modified CVE 2.0. https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz
cve url12Base Base URL for each year’s CVE 1.2, the %d will be replaced with the year. https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz
cve url20Base Base URL for each year’s CVE 2.0, the %d will be replaced with the year. https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz