
Add an API for the ruby-advisory-db

Open postmodern opened this issue 10 years ago • 6 comments

Add an API for interacting with the database.

  • Searching for advisories by CVE or gem.
  • Testing if a Gem::Version is vulnerable.
  • Downloading and updating a copy of the database.

postmodern avatar Aug 23 '13 19:08 postmodern

I'd love to put this in my CI build. Right now Heroku gives some warnings and that isn't enough.

reconbot avatar Jan 14 '15 22:01 reconbot

How would an API work? Can you please provide an example. Would https://github.com/rubysec/rubysec.github.io be involved?

jasnow avatar May 30 '23 13:05 jasnow

@jasnow I believe this would be a Ruby library for interacting with the ruby-advisory-db, so that other tools could interface with it in the same way that bundler-audit does.

postmodern avatar May 30 '23 18:05 postmodern

Maybe it could have a rudimentary CLI that could update the DB or query a specific advisory or gem-version.

postmodern avatar May 30 '23 20:05 postmodern
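As an added illustration of the API sketched in the opening post (search by CVE or gem, test whether a `Gem::Version` is vulnerable) and of the query side of the CLI idea above, here is a small Ruby example. It is not code from ruby-advisory-db or bundler-audit; it assumes the db's YAML shape (`gem`, `cve`, `patched_versions`, `unaffected_versions`) and embeds constructed, placeholder advisories instead of reading the `gems/<name>/*.yml` tree.

```ruby
# Added example, not ruby-advisory-db's own code: a minimal query API over
# advisories in the db's YAML shape (gem, cve, patched_versions and
# unaffected_versions as Gem::Requirement strings).
require "yaml"
require "rubygems"
# Constructed sample advisories: ids, gem names and versions are placeholders.
SAMPLE_ADVISORIES = <<~YAML
  - gem: examplegem
    cve: "0000-00001"
    title: Constructed advisory for examplegem
    patched_versions: ["~> 1.2.5", ">= 1.3.2"]
    unaffected_versions: ["< 1.0.0"]
  - gem: othergem
    cve: "0000-00002"
    title: Constructed advisory for othergem
    patched_versions: [">= 2.0.1"]
YAML

class Advisory
  attr_reader :gem, :cve, :title
  def initialize(h)
    @gem, @cve, @title = h["gem"], h["cve"], h["title"]
    ranges = Array(h["patched_versions"]) + Array(h["unaffected_versions"])
    @safe_ranges = ranges.map { |r| Gem::Requirement.new(r) }
  end
  # Vulnerable unless the version falls inside a patched or unaffected range.
  def vulnerable?(version)
    v = Gem::Version.new(version)
    @safe_ranges.none? { |req| req.satisfied_by?(v) }
  end
end

class AdvisoryDB
  def initialize(yaml_text)
    @advisories = YAML.safe_load(yaml_text).map { |h| Advisory.new(h) }
  end
  def by_gem(name)
    @advisories.select { |a| a.gem == name }
  end
  # Accepts "CVE-YYYY-NNNN" or the bare "YYYY-NNNN" form the db files use.
  def by_cve(id)
    @advisories.find { |a| a.cve == id.sub(/\ACVE-/i, "") }
  end
  # Advisories still open for `name` at `version`, e.g. for a CI gate.
  def vulnerable_advisories(name, version)
    by_gem(name).select { |a| a.vulnerable?(version) }
  end
end
```

A CI step would load the real advisory files into `AdvisoryDB` and fail the build when `vulnerable_advisories` returns anything for a locked gem version.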

Almost: https://rubysec.com/advisories/CVE-2023-22796/

and https://github.com/lildude/jekyll-json-feed

and https://apievangelist.com/2016/09/19/providing-yaml-driven-xml-json-and-atom-using-jekyll-and-github/

jasnow avatar May 30 '23 20:05 jasnow

We could create a static JSON feed for the website as yet-another-way to get the advisory data. Might be worth creating a separate issue in the website repo.

postmodern avatar May 30 '23 22:05 postmodern