Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CWE support in all importers #1093

Open
pombredanne opened this issue Jan 24, 2023 · 2 comments · May be fixed by #1526
Open

Add CWE support in all importers #1093

pombredanne opened this issue Jan 24, 2023 · 2 comments · May be fixed by #1526
Assignees
@ambuj-1211
Labels
GSoC 24 GSoC 24 (Data Collection & Data Quality project)

Comments

@pombredanne
Copy link
Member

pombredanne commented Jan 24, 2023
edited
Loading

#782 added support for the NVD importer, but other importers have this information too and should be enhanced to report it.
@pombredanne pombredanne mentioned this issue Jan 24, 2023
Closed
@ziadhany ziadhany mentioned this issue Feb 26, 2023
Merged
@ziadhany
Copy link
Collaborator

ziadhany commented Feb 26, 2023
edited by ambuj-1211
Loading

Plan to add CWE support in all importers:

  • nvd
  • gitlab
  • pysec
  • pypa
  • github
  • redhat
  • openssl
  • debian
  • mozilla
  • npm
  • postgresql
  • archlinux
  • ubuntu
  • debian_oval
  • nginx
  • retiredotnet
  • alpine_linux
  • apache_httpd
  • gentoo
  • istio
  • project_kb_msr2019,
  • suse_scores
  • elixir_security
  • apache_tomcat
  • xen
  • ubuntu_usn
  • fireeye
  • apache_kafka

@ziadhany ziadhany mentioned this issue May 17, 2023
Closed
@ambuj-1211 ambuj-1211 added the GSoC 24 GSoC 24 (Data Collection & Data Quality project) label Jun 25, 2024
@ambuj-1211 ambuj-1211 linked a pull request Jul 27, 2024 that will close this issue
Open
@ambuj-1211
Copy link
Collaborator

@ziadhany The following importers didn't have cwe data at the location from where their advisory data is extracted:
openssl
Mozilla
npm
PostgreSQL
archlinux
ubuntu
debian_oval
nginx: present on cve mitre API
retiredotnet
alpine_linux
gentoo
istio
project_kb_msr_2019
suse_score
elixer_security
apache_tomcat
xen
ubuntu_usn
apache_kafka
nginx
These importers either don't have the cwe data or the cwe data is accessible from nvd or cve.org apis.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ambuj-1211 ambuj-1211

Labels
GSoC 24 GSoC 24 (Data Collection & Data Quality project)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CWE support in multiple importers ambuj-1211/vulnerablecode
3 participants
@pombredanne @ziadhany @ambuj-1211