ruby-advisory-db
Add an API for the ruby-advisory-db
Add an API for interacting with the database.
- Searching for advisories by CVE or gem.
- Testing if a `Gem::Version` is vulnerable.
- Downloading and updating a copy of the database.
I'd love to put this in my CI build. Right now Heroku gives some warnings and that isn't enough.
How would an API work? Can you please provide an example? Would https://github.com/rubysec/rubysec.github.io be involved?
@jasnow I believe this would be a Ruby library for interacting with the `ruby-advisory-db`, so that other tools could interface with it in the same way that `bundler-audit` does.
Maybe it could have a rudimentary CLI that could update the DB or query a specific advisory or `gem-version`.
Almost: https://rubysec.com/advisories/CVE-2023-22796/ and https://github.com/lildude/jekyll-json-feed and https://apievangelist.com/2016/09/19/providing-yaml-driven-xml-json-and-atom-using-jekyll-and-github/
We could create a static JSON feed for the website as yet-another-way to get the advisory data. Might be worth creating a separate issue in the website repo.
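
The lookups requested in the opening post (search by CVE or gem, and testing whether a `Gem::Version` is vulnerable), sketched as an added example that is not part of this thread or the project's code. The `Advisory` struct, the helper names and the sample advisories are assumptions constructed for illustration, and every entry is assumed to carry a `cve` field; only the `gem`, `cve`, `patched_versions` and `unaffected_versions` keys follow the database's advisory format.

```ruby
require "yaml"

# Constructed sample data (not real advisories), using the database's
# gem / cve / patched_versions / unaffected_versions fields.
SAMPLE_ADVISORIES = <<~YAML
  - gem: examplegem
    cve: "0000-0001"
    patched_versions:
      - "~> 1.2.5"
      - ">= 2.0.3"
    unaffected_versions:
      - "< 1.0.0"
  - gem: othergem
    cve: "0000-0002"
    patched_versions:
      - ">= 3.1.0"
YAML

# Hypothetical record type; the names are assumptions, not a project API.
Advisory = Struct.new(:gem_name, :cve, :patched, :unaffected) do
  # A version is vulnerable unless it is explicitly unaffected or satisfies
  # a patched requirement. No patched_versions means no fix is available.
  def vulnerable?(version)
    version = Gem::Version.new(version.to_s)
    return false if unaffected.any? { |req| req.satisfied_by?(version) }
    patched.none? { |req| req.satisfied_by?(version) }
  end
end

# "~> 1.2.5, >= 1.2.7" style entries become one compound Gem::Requirement.
def parse_requirements(list)
  Array(list).map { |s| Gem::Requirement.new(*s.split(",").map(&:strip)) }
end

def load_advisories(yaml)
  YAML.safe_load(yaml).map do |h|
    Advisory.new(h.fetch("gem"), "CVE-#{h.fetch('cve')}",
                 parse_requirements(h["patched_versions"]),
                 parse_requirements(h["unaffected_versions"]))
  end
end

# Search by gem: advisories that apply to this exact version.
def advisories_for(db, gem_name, version)
  db.select { |a| a.gem_name == gem_name && a.vulnerable?(version) }
end

# Search by CVE identifier, case-insensitively.
def find_by_cve(db, cve)
  db.find { |a| a.cve.casecmp?(cve) }
end
```

In a CI job, a non-empty result from `advisories_for` for any locked gem version would be the condition that fails the build.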