vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 305 vulnerablecode issues

- add OSS-Index DataSource - add tests for OSS-Index DataSource Closes #820

VulnTotal

1) NVD provides too much detail on CPEs https://nvd.nist.gov/vuln/detail/CVE-2011-4136 with fully enumerated CPE ranges, which puts a lot of data under references. 2) We need to know which CPE references...

- add GitHub DataSource - add tests for GitHub DataSource

VulnTotal

```
❯ python vulntotal/vulntotal_cli.py --help
Usage: vulntotal_cli.py [OPTIONS] [PURL]
Runs the PURL through all the available DataSources and group vulnerability by CVEs. Use the special '-' file name to...
```

VulnTotal

- add Deps DataSource - add tests for Deps DataSource

VulnTotal

- add OSV DataSource - add test for OSV DataSource Signed-off-by: Keshav Priyadarshi

VulnTotal

We need detail screens that show you all of the data organized by non-null Alias / source. - For a Vulnerability this could be as simple as selecting an Alias...

API
ui

Some published advisories are problematic because they can lead to misleading interpretations and either false positives or false negatives. In particular this is the case for unbounded or star version...

feature
ui

We would want to have an interactive graph representing the extent to which the different DataSources differ. - Different attributes will have different weightage Ex: wt( diff( fixedversionᵒˢᵛ , fixedversionᵒˢˢ))...

VulnTotal