-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can I update CVE database on local server? #17
Comments
Hello @147sugiura We use active lookup of CVE program GitHub site as the official location to get the CVE information from For Example CVE-2024-0709 will be collected from the https://olbat.github.io/nvdcve/CVE-2024-0709.json If a CVSS score is available it is pulled up and provided. If not, one can manually add other sources of CVSS score such as NVD or the Vendor advisory itself. |
Hi @sei-vsarvepalli |
The CPE data was initially using CPE database from NIST - https://nvd.nist.gov/products/cpe ; As it turns out this CPE data is now being archived and less reliable. So the development of actually puling CPE was stopped. CPE data can be appended locally without having to lookup the NIST one, meaning the NIST data is only convenience to avoid duplicates. A new entry outside of NIST data can be freeform and will be accepted as-typed by the user. Surely will work on porting over 5.2.7 to GH may be in the next couple of weeks. Thanks for catching that. |
It is also documented here https://github.com/CERTCC/SBOM/tree/master/SwiftBOM/cpe_lookup |
I would like to update the CVE database on local server.
When I used SwiftBOM on internet (https://sbom.democert.org/sbom/), I think that this database is latest.
I would like to know how to update CVE database.
The text was updated successfully, but these errors were encountered: