-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CNA information difficult to obtain without scraping and parsing all CVEs #69
Comments
It is not an "officially supported" method, but I use the JSON from the GitHub repo for this information to stop from having to scrape the site: https://raw.githubusercontent.com/CVEProject/cve-website/main/src/assets/data/CNAsList.json The JSON has not been updated to include the |
See this for a mapping of Org ID to CNA full names. |
@M-nj Thank you so much! That is so helpful! |
@M-nj this file is now empty? It was populated this morning. |
This has been a known issue for that file, however it may have been patched as of Sept 11th, 2024. Please see CVEProject/cve-website#1996 (comment). If this issue persists, feel free to contribute to that issue. |
This is essentially a duplicate of CVEProject/automation-working-group#133. Please add specific use cases that would be met if this data were to be published in official form (instead of a set of unofficial website assets). Thank you! |
There is a mapping between some GUIDs and CNAs that exists in the
providerMetadata
fields, e.g.However, there doesn't appear to be a way to gather a mapping of these organizational IDs or a clear way to get additional information about them, e.g. a contact email or a longer form name. It would be very useful to have a dictionary of this information for correlation with some downstream consumers of the CVE.org data like NIST NVD who are currently just using the UUID when they publish their information.
Additionally, even though it is public, there is no way of programmatically obtaining the contact information for or the name of a CNA even though this information is public without scraping the CVE.org website (if there is, please correct me; I can't find any indication of such an offering existing).
The text was updated successfully, but these errors were encountered: