Retire rest-nvd #445
Comments
|
Keep in mind that while the data structure of the json returned by the service at https://services.nvd.nist.gov/rest/json/cve/1.0/ BTW: I've just copy-pasted-adapted the rest-nvd code to use it in Prospector where I have done the opposite move (drop the dependency on services.nvd.nist.gov in favor of the self-contained solution) |
|
What was your motivation to move from https://services.nvd.nist.gov/rest/json/cve/1.0/ to rest-nvd? |
|
Avoid maintaining a component that is redundant since the service is offered for free from NVD. In project-kb the opposite move makes sense instead, because there we need to download all the feeds anyway (e.g., to train ML models on the whole dataset from the NVD), so serving those feeds from local is no-brainer. Also, the rest-nvd code is a single file that blends nicely (one extra .py file) with the other endpoints of Prospector: https://github.com/SAP/project-kb/tree/prospector-assuremoss/prospector/api/routers |
|
I see, it seems you even added some user management when adapting the code for Prospector. In fact, the switch to https://services.nvd.nist.gov/rest/json/cve/1.0/ is as easy as setting |
Yes, fastAPI, the python framework I use there, make it dead easy, so why not :-)
Yes, that's what I expected, in project-kb I will actually change the json returned by my code to be nested in the same way as the NVD service, so that the two are actually fully interchangable. |
The NVD offers a REST API to consume CVE information, e.g.,
https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2015-5611. This makes Steady's Python service rest-nvd obsolete, and its removal from the repository and the Docker compose file would simplify both the repository and the runtime.Describe the solution you'd like
The text was updated successfully, but these errors were encountered: