vulnerablecode
A free and open database of vulnerabilities and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
See https://public2.vulnerablecode.io/packages/v2/pkg:pypi/[email protected]?search=pkg:pypi/[email protected] https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aamiles/CVE-2022-33001.yml is incorrect. After detailed investigation, the fixed version is wrong there.
- issue: #1697
- issue: https://github.com/aboutcode-org/vulnerablecode/issues/2002
I created an initial script to parse Git commit messages that can be easily integrated with our model. The script takes a Git repository as input, parses all commits, and...
See: - https://github.com/jensdietrich/xshady and https://github.com/jensdietrich/xshady-release/ by @jensdietrich et al. and paper at https://arxiv.org/abs/2306.05534 - we have some PurlDB WIP on Uberjar detection and related issues at: - https://github.com/nexB/purldb/issues/154 - https://github.com/nexB/purldb/issues/69...
Currently, we support running pipelines at periodic intervals, but there are some special pipelines which we only need to run once. To accommodate such pipelines we should allow a mode...
We need to create a pipeline to parse changelogs and identify entries that correspond to vulnerabilities and fix commits for well-known ecosystems. - https://github.com/pyupio/changelogs/ - https://github.com/samaritan/archeogit - https://github.com/django/django/blob/1167cd1d639c3fee69dbdef351d31e8a17d1fedf/docs/releases/security.txt related issue:...
We should create a pipeline that extracts fix commits by parsing commit messages. There are multiple ways of doing that: - Use a single simple regular expression, e.g. `CVE-\d{4}-\d{4,7}`...
Implement a pipeline that extracts fix commits from pull requests, issue descriptions, and comments. The pipeline should search for vulnerability-related messages and security fix indicators using, for example, the GitHub...
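The commit-message, changelog and pull-request issues above all reduce to the same free-text heuristic: find an advisory identifier or a "fix + security term" pair in a message and keep the commit that carries it. The script below is an added example of that heuristic, not the vulnerablecode project's own pipeline code. It assumes `git log` is run with a `%H%x1f%B%x1e` format so commits can be split on ASCII record/unit separators, reuses the `CVE-\d{4}-\d{4,7}` pattern from the issue plus an assumed GHSA pattern, and the keyword lists and the sample log are constructed for illustration (the CVE and GHSA ids in it are placeholders, not real advisories). `classify_message` can be applied unchanged to a changelog entry or a pull-request body.

```python
"""Extract candidate vulnerability fix commits from git commit messages (added example)."""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass, field

# Identifier patterns: the CVE regex is the one suggested in the issue; the
# GHSA regex is an assumption based on the published GHSA id alphabet.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)
GHSA_RE = re.compile(r"\bGHSA(?:-[23456789cfghjmpqrstvwx]{4}){3}\b", re.IGNORECASE)

# Heuristic indicator lists (constructed for this example, not the project's).
# A message counts as a security fix only when both a fix verb and a security
# term are present, so "Fix typo" or "Bump security dependency" alone do not match.
FIX_KEYWORDS_RE = re.compile(
    r"\b(?:fix(?:es|ed)?|patch(?:es|ed)?|mitigat(?:e|es|ed)|prevent(?:s|ed)?|address(?:es|ed)?)\b",
    re.IGNORECASE,
)
SECURITY_KEYWORDS_RE = re.compile(
    r"\b(?:security|vulnerabilit(?:y|ies)|exploit|overflow|injection|xss|csrf|rce|"
    r"denial of service|path traversal|deserializ\w*|use[- ]after[- ]free)\b",
    re.IGNORECASE,
)

RECORD_SEP = "\x1e"  # between commits  (%x1e in the git format string)
FIELD_SEP = "\x1f"   # between sha and message body (%x1f)


@dataclass
class FixCommit:
    sha: str
    subject: str
    cve_ids: list[str] = field(default_factory=list)
    advisory_ids: list[str] = field(default_factory=list)
    indicators: list[str] = field(default_factory=list)


def git_log_text(repo_path: str) -> str:
    """Run git log on a local repository and return text in the format parse_git_log expects."""
    cmd = ["git", "-C", repo_path, "log", "--format=%H%x1f%B%x1e"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def parse_git_log(text: str):
    """Yield (sha, full message) pairs from separator-delimited git log output."""
    for record in text.split(RECORD_SEP):
        record = record.strip()
        if not record:
            continue
        sha, _, message = record.partition(FIELD_SEP)
        yield sha.strip(), message.strip()


def classify_message(message: str):
    """Return (cve_ids, advisory_ids, indicators) found in one free-text message."""
    cves = sorted({m.upper() for m in CVE_RE.findall(message)})
    ghsas = sorted({m.upper() for m in GHSA_RE.findall(message)})
    indicators = []
    if FIX_KEYWORDS_RE.search(message) and SECURITY_KEYWORDS_RE.search(message):
        indicators.append("security-fix-keywords")
    return cves, ghsas, indicators


def find_fix_commits(log_text: str) -> list[FixCommit]:
    """Keep only commits that cite an advisory id or read like a security fix."""
    results = []
    for sha, message in parse_git_log(log_text):
        cves, ghsas, indicators = classify_message(message)
        if cves or ghsas or indicators:
            subject = message.splitlines()[0] if message else ""
            results.append(FixCommit(sha, subject, cves, ghsas, indicators))
    return results


# Constructed sample log (placeholder shas, placeholder CVE/GHSA ids, no real project).
SAMPLE_LOG = RECORD_SEP.join([
    "a1b2c3d" + FIELD_SEP + "Fix buffer overflow in packet parser\n\nAddresses CVE-2099-00001.",
    "b2c3d4e" + FIELD_SEP + "Bump version to 1.2.3",
    "c3d4e5f" + FIELD_SEP + "Merge pull request #42\n\nEscape user input to prevent XSS in search form",
    "d4e5f6a" + FIELD_SEP + "Fix typo in README",
    "e5f6a7b" + FIELD_SEP + "Security: patch path traversal (GHSA-9999-9999-9999)",
])

if __name__ == "__main__":
    # Replace SAMPLE_LOG with git_log_text("/path/to/repo") to scan a real checkout.
    for commit in find_fix_commits(SAMPLE_LOG):
        print(commit.sha, commit.cve_ids, commit.advisory_ids, commit.indicators, "-", commit.subject)
```

Plain keyword matching over-reports (a commit that "fixes a test for the security module" is flagged too), so in a real pipeline the output is a candidate set to be confirmed against an advisory's affected/fixed version ranges, not a final answer; the identifier-based matches are the ones worth trusting on their own.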