Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why not use the NIST API for CVE generation? #77

Open
elemendar-syra opened this issue Jun 30, 2024 · 1 comment
Open

Why not use the NIST API for CVE generation? #77

elemendar-syra opened this issue Jun 30, 2024 · 1 comment

Comments

@elemendar-syra
Copy link

As per https://nvd.nist.gov/developers/start-here I believe it would be easy to integrate updating CVEs using that rather than how the current build script does it, from what I can see. Again, happy to implement in a branch (obviously if you're then building and publishing daily you'd need to handle the CI/CD side with an API key)
@adulau
Copy link

adulau commented Jul 1, 2024

We provide a multi-source (including NVD) vulnerability database where the API is documented there https://vulnerability.circl.lu/doc

You can easily query NVD for example, this way: https://vulnerability.circl.lu/last/nvd/1 and many other sources.

To describe other vulnerabilities in STIX 2.1, an extension would be required to support the different sources. Maybe @chrisr3d as some ideas for potential extensions.

@rpiazza rpiazza mentioned this issue Jul 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adulau @elemendar-syra