Add data in CSAF format from https://github.com/cisagov/CSAF

[pombredanne]

reported by @mjherzog

We should add data in CSAF format from https://github.com/cisagov/CSAF

Note:

• there may be several devices we may not care for in these data
• https://github.com/oasis-tcs/csaf supports both PURLs and VERS but that does not men that the CISA included them in their docs

See also:

• https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html
• https://www.cisa.gov/news-events/news/transforming-vulnerability-management-cisa-adds-oasis-csaf-20-standard-ics-advisories

[tehami02]

@pombredanne I think there are 1940 json files of CSAF data as its mentioned in their "index.txt" file. How do you want to add it to our project. Can you please provide more details.

[aryangupta701]

Hi @pombredanne can you please assign this issue to me, so I can start working on it

[pombredanne]

@aryangupta701 we do not "assign" issues except for core team members :) ... You can just state here that you are working on it and this is enough for a start and thank you ++ for this BTW.

[pombredanne]

@tehami02 re

I think there are 1940 json files of CSAF data as its mentioned in their "index.txt" file. How do you want to add it to our project. Can you please provide more details.

We would import these CSAF data file as advisories, vulnerabilities and packages in our DB. That's the whole point of this issue.

[aryangupta701]

Okay I am working on this issue. Thank you

[ambuj-1211]

@ziadhany exactly what we need to do in this one, we have to make a simple importer or some kind of api, if api then what should be the endpoint?

[ziadhany]

@ambuj-1211 I think we need to import CSFA data and also support the vulnerability CSAF format