Hardcoded Commit of cve-search no longer works. NVD XML retirement.

sw360 / sw360chores

WARNING - Work in Progress - It is not Bug Free! Use with Caution. This repository contains Dockerfiles and accompanying scripts that allow deployment of sw360 via docker

Eclipse Public License 1.0

13 stars 18 forks source link

Hardcoded Commit of cve-search no longer works. NVD XML retirement. #73

Open andreaslarfors opened 4 years ago

andreaslarfors commented 4 years ago

cve-search-server/Dockerfile contains a hardcoded commit hash for the cve-search project: ENV BRANCH=4c165eff1af0e4c7bdf103c341203717ae677f64

The population of the cve database fails because NVD have retired the XML feed of CVE records. https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3

Version 2.3 of cve-search (Sep 18, 2019) https://github.com/cve-search/cve-search/releases/tag/v2.3 adds support for the new JSON format from NVD.