Philippe Ombredanne

Results 703 issues of Philippe Ombredanne

See https://github.com/fireeye/Vulnerability-Disclosures

Data collection

This is low volume. See:
- https://framework.zend.com/security/advisories
- https://framework.zend.com/security/advisory/ZF2018-01
- https://getlaminas.org/security/advisories

Data collection

As part of the upcoming release, we must document the changes in the API data structures wrt. the previously released version

API
documentation

This is handy to understand what is the app version that is currently running

API

It would be useful to have a DB stats and summary API to report high level counts. This needs design.

API

This is a followup to https://github.com/nexB/vulnerablecode/issues/607

> we should contemplate using the https://github.com/pypa/advisory-database/ separately and directly as this and the OSV two may not be exactly in sync

```
parse_yaml_file: affected_range is not parsable: '(,)' type:'nuget' error: InvalidVersion("'None' is not a valid ")
Traceback (most recent call last):
  File "/app/vulnerabilities/importers/gitlab.py", line 220, in parse_gitlab_advisory
    affected_version_range = vrc.from_native(affected_range)
  File...
```

While importing PySEC I get this `NotImplementedError GIT Version - 'PYSEC-2022-84' - 'fcd18ce3101f245b083b30655c27b239dc72221e'` and we should be able to support these

data-quality

These can come in handy as a live test suite of things observed in the wild. [cves-by-purl.json.txt](https://github.com/nexB/vulnerablecode/files/8755265/cves-by-purl.json.txt)

We need to decide what we want to do wrt. licenses for data. See https://cve.mitre.org/about/termsofuse.html for instance for the CVE/NVD. There are a few ways to think about this: 1....

feature
Core models