rubysec / ruby-advisory-db

A database of vulnerable Ruby Gems
https://rubysec.com

Add an API for the ruby-advisory-db #46

Open postmodern opened 11 years ago

postmodern commented 11 years ago

Add an API for interacting with the database.

reconbot commented 9 years ago

I'd love to put this in my CI build. Right now Heroku gives some warnings and that isn't enough.

jasnow commented 1 year ago

How would an API work? Can you please provide an example? Would https://github.com/rubysec/rubysec.github.io be involved?

postmodern commented 1 year ago

@jasnow I believe this would be a Ruby library for interacting with the ruby-advisory-db, so that other tools could interface with it in the same way that bundler-audit does.

postmodern commented 1 year ago

Maybe it could have a rudimentary CLI that could update the DB or query a specific advisory or gem-version.
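A sketch of the gem-version query discussed above, added here as an illustration; it is not code from this thread, from ruby-advisory-db or from bundler-audit. The class `SketchAdvisory`, the helper `vulnerable_versions` and the sample advisory are hypothetical and constructed, and the sketch assumes the advisory YAML keys `gem`, `cve`, `patched_versions` and `unaffected_versions`.

```ruby
require 'yaml'
require 'rubygems'

# Constructed advisory, not a real database entry. The key names are the
# assumed YAML layout of an advisory file.
SAMPLE_ADVISORY = <<~YAML
  gem: examplegem
  cve: "0000-0000"
  title: Constructed sample advisory
  unaffected_versions:
    - "< 1.2.0"
  patched_versions:
    - "~> 1.4.3"
    - ">= 2.0.1"
YAML

# Hypothetical wrapper around one advisory record.
class SketchAdvisory
  attr_reader :gem_name, :id

  def initialize(yaml)
    data = YAML.safe_load(yaml)
    @gem_name   = data.fetch('gem')
    @id         = "CVE-#{data.fetch('cve')}"
    @patched    = requirements(data['patched_versions'])
    @unaffected = requirements(data['unaffected_versions'])
  end

  # A version is vulnerable when no patched or unaffected range covers it.
  def vulnerable?(version)
    v = Gem::Version.new(version)
    (@patched + @unaffected).none? { |req| req.satisfied_by?(v) }
  end

  private

  # One entry may hold several comma-separated constraints (">= 1.0, < 2.0").
  def requirements(list)
    Array(list).map { |spec| Gem::Requirement.new(*spec.split(',').map(&:strip)) }
  end
end

# Returns the subset of +versions+ the advisory applies to.
def vulnerable_versions(advisory, versions)
  versions.select { |v| advisory.vulnerable?(v) }
end
```

A CI step built on this idea would fail the build whenever a locked gem version comes back from `vulnerable_versions`.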

jasnow commented 1 year ago

Almost: https://rubysec.com/advisories/CVE-2023-22796/

and https://github.com/lildude/jekyll-json-feed

and https://apievangelist.com/2016/09/19/providing-yaml-driven-xml-json-and-atom-using-jekyll-and-github/

postmodern commented 1 year ago

We could create a static JSON feed for the website as yet-another-way to get the advisory data. Might be worth creating a separate issue in the website repo.