vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
## Summary This PR implements an importer for Alpine Linux APKBUILD files, addressing issue: - #509. ## Changes - Added `APKBUILDParser` class to parse secfixes sections from APKBUILD files -...
This may be redundant or not but APKBUILD files seem to have secfix info: https://git.alpinelinux.org/aports/tree/main/asterisk/APKBUILD?id=9d426cf7a7701ee6707224d3e9f6d07553a56de1#n40 ``` # secfixes: # 18.2.1-r0: # - CVE-2021-26712 # - CVE-2021-26713 # - CVE-2021-26717 #...
See CSAF at https://tuxcare.com/blog/common-security-advisory-framework-csaf-now-available/
A curation queue for data enrichment should ensure we curate key vulnerability attributes such as PURL, VERS, severity, weaknesses, scoring, remediation or mitigation. Eventually the queue should be sorted such...
We should perform (or better, request expert help for) a code security audit and review of VCIO! And then apply any feedback to fix issues - [ ] VCIO-next: Request...
## Summary This PR fixes code quality issues identified during a repository audit, focusing on Python best practices (PEP 8) and code correctness. ## Changes Made ### 1. Fixed Improper...
- issue: #1697
Moved the 'ssvc_calculator' function from 'v2_importers/vulnrichment_importer.py' to 'vulnerabilities/utils.py' because it is used in multiple places. Updated imports in the original file. All tests pass.
- For VCS URLs that can be formed into PURLs as of today (github, bitbucket and gitlab), we will support them for code commit collection - For the types that...