blob: 793bede88c759a2a5b962a9b38cb24ae5cd6b1df (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# cvez
Utility for managing data items from from the [National Vulnerability
Database (NVD)][nvd]:
* [Common Vulnerabilities and Exposures (CVEs)][cve]
* [Common Vulnerability Scoring System (CVSS)][cvss]
* [Common Platform Enumeration (CPE)][cvss]
## TODO
* [ ] [Common Weakness Enumerations (CWEs)][cwe]
* [ ] [National Checklist Program (NCP)][ncp]
* [ ] [man][] export
* [ ] [cyclonedx][] support (for inventories)
* [ ] [purl][] support (related to [cyclonedx][])
* [ ] investigate [ATTACK][]
* [ ] investigate [SCAP][]
* [ ] investigate [OSV][]
* [ ] alternative: [cvedb][]
* [ ] nvd api https://nvd.nist.gov/developers/vulnerabilities
* [ ] git https://github.com/CVEProject/cvelist
* [ ] staticheck/golangci-lint
[nvd]: https://nvd.nist.gov/
"National Vulnerability Database"
[cve]: https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
"Common Vulnerabilities and Exposures"
[cvss]: https://en.wikipedia.org/wiki/Common_Vulnerability_Scoring_System
"Common Vulnerabilities Scoring System"
[cpe]: https://en.wikipedia.org/wiki/Common_Platform_Enumeration
"Common Platform Enumeration"
[cwe]: https://cwe.mitre.org/data/downloads.html
"Common Weakness Enumeration"
[cisa-kevc]: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
"CISA Known Exploited Vulnerabilities Catalog"
[man]: https://www.golinuxcloud.com/create-man-page-template-linux-with-examples/
"man format export"
[ncp]: https://ncp.nist.gov/data-feeds
"National Checklist Program data feeds"
[purl]: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst
"Package URL specification"
[cyclonedx]: https://cyclonedx.org/use-cases/#authenticity
"CycloneDX SBOM."
[scap]: https://csrc.nist.gov/projects/security-content-automation-protocol
"Security Content Automation Protocol."
[osv]: https://github.com/google/osv
"Open Source Vulnerability database."
[cvedb]: https://github.com/trailofbits/cvedb
"trail of bits cvedb"
[attack]: https://attack.mitre.org/versions/v10/resources/working-with-attack/
"ATT&CK"
|