
fedcode-next: Extract fix commits from the change logs in search for CVE-related change entries

Open pombredanne opened this issue 3 months ago • 0 comments

We need to create a pipeline to parse changelogs and identify entries that correspond to vulnerabilities and fix commits for well-known ecosystems.

  • https://github.com/pyupio/changelogs/
  • https://github.com/samaritan/archeogit
  • https://github.com/django/django/blob/1167cd1d639c3fee69dbdef351d31e8a17d1fedf/docs/releases/security.txt

Related issue:

  • https://github.com/aboutcode-org/vulnerablecode/issues/551

pombredanne, Oct 09 '25 15:10
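One way the changelog-to-fix-commit step requested above could work, as an added example that is not code from VulnerableCode or fedcode. The sample changelog is constructed, and the names `extract_fix_commits` and `SAMPLE_CHANGELOG`, the underlined-heading layout, and the `:cve:`/`:commit:` role syntax are assumptions made for illustration.

```python
import re

# Constructed sample changelog: CVE ids and hashes are placeholders, not real data.
A, B, C, D = ("a" * 40, "b" * 40, "c" * 40, "d" * 40)
SAMPLE_CHANGELOG = f"""\
2.4.1 (2024-03-02)
------------------
* Fix path traversal in archive extraction (CVE-0000-0001).
  See https://example.org/demo/repo/commit/{A}
* New plugin API, commit {B}.

January 5, 2024 - :cve:`0000-0002`
----------------------------------
Denial of service in header parsing.

* 2.3 :commit:`(patch) <{C}>`
* 2.2 :commit:`(patch) <{D}>`
"""

# Assumed conventions: plain "CVE-YYYY-NNNN" ids or a reST ":cve:" role,
# underlined section headings, and full 40-hex commit hashes.
CVE_RE = re.compile(r"(?:CVE-|:cve:`)(\d{4}-\d{4,})", re.IGNORECASE)
SHA_RE = re.compile(r"\b[0-9a-f]{40}\b")
HEADING_RE = re.compile(r"^(?P<title>\S.*)\n[-=~^]{3,}[ \t]*$", re.MULTILINE)

def cves(text):
    return ["CVE-" + m for m in CVE_RE.findall(text)]

def extract_fix_commits(changelog):
    """Map each CVE id to the commit hashes listed in the same changelog entry."""
    fixes = {}
    heads = list(HEADING_RE.finditer(changelog))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(changelog)
        body = changelog[head.end():end]
        if cves(head.group("title")):
            # Advisory-style section: every commit under the heading is a fix.
            scopes = [(cves(head.group("title")), body)]
        else:
            # Release notes: pair a CVE only with commits in its own bullet.
            scopes = [(cves(b), b) for b in re.split(r"(?m)^(?=[*-] )", body)]
        for ids, text in scopes:
            for cve in ids:
                found = fixes.setdefault(cve, [])
                found += [s for s in SHA_RE.findall(text) if s not in found]
    return fixes

if __name__ == "__main__":
    print(extract_fix_commits(SAMPLE_CHANGELOG))
```

A CVE that appears with no commit hash in its entry maps to an empty list, which marks it for a follow-up lookup in the repository history.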