vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
Parsing vectors makes the UI slow, so we should avoid that somehow. I think we have two options for this: - Parse the vector and store it in the model....
Code to collect and store SSVC decision trees in VulnerableCode. We have some elements of the scoring system already in place, in particular for vulnrichment; the goal is to systematically...
- Fixes: [https://github.com/aboutcode-org/vulnerablecode/issues/1873](https://github.com/aboutcode-org/vulnerablecode/issues/1873) # EUVD Importer ### Overview This pull request introduces a new importer for the **EU Vulnerability Database (EUVD)** provided by ENISA. The importer retrieves vulnerability advisories via...
Improve Sorting, Pagination, and Test Coverage for Vulnerabilities and Packages Search (Fixes #1754)
This pull request introduces significant improvements to the sorting, pagination, and test coverage for the vulnerabilities and packages search pages and also fixes #1754. The main changes include adding...
issue: - https://github.com/aboutcode-org/vulnerablecode/issues/1723
Updated docstrings for several functions to improve clarity.
Currently we have: https://github.com/aboutcode-org/vulnerablecode/blob/be891173be2fbdc897116bf5aa4fc9fdc8dc4f3d/vulnerabilities/pipelines/v2_importers/vulnrichment_importer.py#L215 This would be reused at many places, so we should consider moving this as a separate library to avoid code duplication.
Issue: - #1722
Hi Team, I have noticed this error when I tried to start the Istio importer:
```
./manage.py import vulnerabilities.importers.istio.IstioImporter
Importing data using vulnerabilities.importers.istio.IstioImporter
Traceback (most recent call last):
  File "/app/vulnerabilities/management/commands/import.py",...
```
This is related to "Report only those fixed versions that are greater than the affected version" #1228. The question: Do we want to display/report the most relevant/best `fixed by` version...