New importer: (old NVD JSON) to import as a standalone source #95
Assignees
Labels
Comments
|
The it repo is heavier, but also quite a bit simpler to initialize, so out of pure laziness, I'd go with that (it will also be quicker to add). |
|
Perfect, let's go for the German updated NVD feed ;-) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Following the issue reported here CVEProject/cvelistV5#6 (comment) - we need to continue importing the old NVD JSON in vulnerability-lookup.
Now the difficult question, should we use this FKIE source https://github.com/fkie-cad/nvd-json-data-feeds or the old (soon to be removed) source from NVD https://nvd.nist.gov/vuln/data-feeds ? I quickly checked and my preference is going for the FKIE one (as it's the same and already updated with some additional data).
The idea is to pivot from the CVE ID for this source (to have the additional metadata which was lost in the new CVE v5 part) and still consider the other NVD sources as the official ones.
The text was updated successfully, but these errors were encountered: