vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 305 vulnerablecode issues

Reference: #796 Signed-off-by: Ziad

Reference: https://github.com/nexB/vulnerablecode/issues/798 Signed-off-by: John M. Horan

We should align the API doc with ScanCode.io API doc.

- [ ] VULCOIDs have a confusing id numbering (base 36) that has a varying length. We should do something that is random and fixed size instead and eschew having...

Priority: high

We need to specify a license for vulnerablecode Data. Workable candidates include: `cdla-permissive-1.0` https://cdla.io/permissive-1-0/ https://spdx.org/licenses/CDLA-Permissive-1.0.html and `cc-by-4.0` http://creativecommons.org/licenses/by/4.0/legalcode https://spdx.org/licenses/CC-BY-4.0.html Both licenses are also in the scancode list.

Priority: high
documentation

Deploying without any guards against API spam is a bad idea, especially since we need to do quite a bit of work and the API payload is big.

Priority: high
API

I just noticed odd results from a vulnerability search that appear to be related to the number of `aliases` for that vulnerability. For example, if I search for `cve`, my...

bug
Priority: high

There is scope for improvement in the RedHat importer that could really speed up the process. We can proceed along these lines: - OVAL support for RedHat ( https://www.redhat.com/security/data/oval/ ) -...

enhancement

We should keep track of: - where we obtained advisory data from in an Advisory record - which Advisory were merged and contributed to a set of records - which...

Core models
data-quality