scanoss / purl2cpe

PURL to CPE Relationship mapping project.
MIT License

spring CVE for working with cve-bin-tool #23

Closed pcouas closed 2 months ago

pcouas commented 2 months ago

Hi,

Could you explain to me how to add CVE JAVA SPRING Detection with your tool to cve-bin-tool? https://github.com/intel/cve-bin-tool/issues/4101

Regards Philippe

scanossmining commented 2 months ago

Hi @pcouas, thank you for reaching out. Unfortunately I'm not familiar with the cve-bin-tool and I cannot provide support for it. Our data is available in 2 open formats (yaml files and sqlite database) and you can convert it easily to any format you want. Maybe you need to extract from our data either the PURL or CPEs you are interested in and then send them to cve-bin-tool through an SBOM? Looking at its description I see that it can also read components from an SBOM, not only by scanning a project: "...you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions."
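The approach suggested in the reply above, sketched as an added example (not code from the purl2cpe project or from either commenter): look up each dependency PURL in a PURL-to-CPE mapping and write the result as a CycloneDX JSON SBOM. The mapping rows, the dependency list and the helper names `split_purl`, `pin_version` and `build_sbom` are constructed for illustration; real rows would be exported from the project's YAML or SQLite data.

```python
import json

# Constructed sample rows (versionless PURL -> CPE 2.3 with wildcard version);
# real rows would be exported from the purl2cpe YAML files or SQLite database.
PURL2CPE = {
    "pkg:maven/org.springframework/spring-core":
        "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
    "pkg:maven/org.springframework/spring-webmvc":
        "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
}

def split_purl(purl):
    """Return (versionless_purl, name, version) for a simple PURL."""
    base = purl.split("#", 1)[0].split("?", 1)[0]   # drop subpath, qualifiers
    base, _, version = base.partition("@")
    name = base.rsplit("/", 1)[-1]
    return base, name, version

def pin_version(cpe, version):
    """Put the component version into field 5 (version) of a CPE 2.3 string."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    parts[5] = version or "*"
    return ":".join(parts)

def build_sbom(purls, mapping=PURL2CPE):
    """Build a CycloneDX JSON document; unmapped PURLs are returned separately."""
    components, unmapped = [], []
    for purl in purls:
        base, name, version = split_purl(purl)
        comp = {"type": "library", "name": name, "version": version, "purl": purl}
        cpe = mapping.get(base)
        if cpe:
            comp["cpe"] = pin_version(cpe, version)
        else:
            unmapped.append(purl)   # surface gaps instead of hiding them
        components.append(comp)
    bom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
           "components": components}
    return bom, unmapped

if __name__ == "__main__":
    deps = ["pkg:maven/org.springframework/spring-core@5.3.17",
            "pkg:maven/com.example/internal-lib@1.0.0"]  # constructed inputs
    bom, unmapped = build_sbom(deps)
    print(json.dumps(bom, indent=2))
    print("no CPE mapping for:", unmapped)
```

Saved to a file, the output can be given to cve-bin-tool with `--sbom cyclonedx --sbom-file <file>`. Components listed as unmapped carry no CPE, so a clean scan result for them is not evidence that they are unaffected.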