sbs

@dmitry-shibanov thanks !

This hasn't yet been closed, I assume you wanted me to make a PR at https://gitlab.alpinelinux.org/alpine/aports/-/blob/3.9-stable/main/ansible/APKBUILD#L48 is that correct @ncopa ?

FWIW I've been converting the security announcements to yaml format as part of [ismyk8ssecure](https://github.com/ismyk8ssecure/ismyk8ssecure). See [advisories](https://github.com/ismyk8ssecure/ismyk8ssecure/tree/main/advisories) in particular. It contains the CVE and a list of versions of the particular...

@sftim I would be happy to help. Let me know the next steps.

Any updates on this ? We need to interact with this flag too. The API hasn't changed from what OP said. This flag is missing from the public docs still.

@surendrapathak thanks ! Didn't knew about the tool, great work there. I'll fix the error in next release.

@elanzini are you sure https://github.com/google/vulncode-db has commit links other than the one provided my NVD ? I've looked at couple of entries at vulncode-db and all seem to have same...

@copernico >Heads-up: in the coming days we will release a few hundred vulnerability statements (700 or more); we are currently making a quality-assurance check on the vulnerability data we have...

@elanzini >Are you planning to store just the link to the patches or the diff information as well? Atm just the links. IMHO `vulncode-db` does a great job at showing...

@pombredanne this makes sense, but I'm not sure how to infer relationship between the inferred commitish package and the vulnerability. For eg, there could be multiple commits which fix the...