
CPE, PURL, versioning discussions for vulnerability-lookup

Open adulau opened this issue 1 year ago • 2 comments

Following some discussions, notes about versioning in vulnerability-lookup:

  • [X] Improve the UI output with the version if available next to the product name.
  • [X] Improve the CPE API to search for product/vendor to be originally compatible with the original cve-search API.
  • [ ] Add cpe-guesser directly in vulnerability-lookup.
  • [ ] Add ability to extend or alias CPE name such as new vendor names or product names.
  • [ ] Review the additional CPE from other users (like JPN).
  • [ ] Support of purl export if a package name is known.

Ref: https://github.com/package-url/purl-spec/issues/331

adulau avatar Oct 21 '24 08:10 adulau

Example cpe.json, which is the CPE announce format used by a software author or vendor, to be fetched automatically.

{
  "vendor_name": "misp",
  "vendor_synonyms": [
    "misp-project"
  ],
  "url": [
    "https://www.misp-project.org"
  ],
  "products": [
    {
      "name": "misp",
      "url": [
        "https://www.misp-project.org"
      ],
      "git_reference": [
        "https://github.com/misp/misp"
      ],
      "type": "a"
    },
    {
      "name": "misp-maltego",
      "git_reference": [
        "https://github.com/MISP/MISP-maltego"
      ],
      "type": "a"
    }
  ]
}

adulau avatar Nov 24 '24 17:11 adulau
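
An added example, not part of the original comment or of the vulnerability-lookup code: one way a consumer could validate an automatically fetched cpe.json and expand it into CPE 2.3 match strings. It assumes `type` maps to the CPE part and `vendor_synonyms` are alternative vendor names; the function names and the token rule are hypothetical.

```python
import json
import re

# The cpe.json from the comment above, trimmed to the fields this example reads.
SAMPLE = """
{"vendor_name": "misp",
 "vendor_synonyms": ["misp-project"],
 "products": [
   {"name": "misp", "git_reference": ["https://github.com/misp/misp"], "type": "a"},
   {"name": "misp-maltego", "type": "a"}
 ]}
"""

CPE_PARTS = ("a", "o", "h")  # application, operating system, hardware
# Assumed rule: only characters that need no escaping in a CPE 2.3 formatted string.
TOKEN = re.compile(r"[a-z0-9][a-z0-9._-]*")


def cpe_token(value, field):
    """Normalise a vendor/product name; reject anything that could alter the CPE string."""
    token = value.strip().lower() if isinstance(value, str) else ""
    if not TOKEN.fullmatch(token):
        raise ValueError(f"{field}: {value!r} is not a plain CPE token")
    return token


def cpe_candidates(doc):
    """Expand a parsed cpe.json into one match string per (vendor alias, product)."""
    vendors = [cpe_token(doc["vendor_name"], "vendor_name")]
    for synonym in doc.get("vendor_synonyms", []):
        alias = cpe_token(synonym, "vendor_synonyms")
        if alias not in vendors:
            vendors.append(alias)
    candidates = []
    for product in doc.get("products", []):
        name = cpe_token(product.get("name"), "products.name")
        part = product.get("type")
        if part not in CPE_PARTS:
            raise ValueError(f"products.type: {part!r} is not a CPE part")
        for vendor in vendors:
            # The version and the seven attributes after it stay as wildcards.
            candidates.append(f"cpe:2.3:{part}:{vendor}:{name}" + ":*" * 8)
    return candidates


if __name__ == "__main__":
    for cpe in cpe_candidates(json.loads(SAMPLE)):
        print(cpe)
```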

41f8471 - search for vulnerabilities by CPE string

cedricbonhomme avatar Dec 02 '24 10:12 cedricbonhomme