Use official CNA names to identify vulnerability sources #1297

Open
2 tasks done
nscuro opened this issue May 31, 2024 · 1 comment
Labels
domain/vuln-mirroring enhancement New feature or request need clarification Issues that need further clarification before implementation can start p3 Nice-to-have features size/L High effort

Comments

@nscuro
Member

nscuro commented May 31, 2024

Current Behavior

Currently, vulnerability sources are identified based on the Vulnerability.Source enum.

Proposed Behavior

It would be better to use official CNA names instead, where applicable:

https://www.cve.org/PartnerInformation/ListofPartners

As identified in #1295, GITHUB should ideally be either GitHub_P or GitHub_M.

Checklist

@nscuro nscuro added enhancement New feature or request p3 Nice-to-have features size/M Medium effort domain/vuln-mirroring labels May 31, 2024
@sahibamittal sahibamittal self-assigned this Jun 4, 2024
@sahibamittal sahibamittal added the need clarification Issues that need further clarification before implementation can start label Jun 20, 2024
@sahibamittal
Collaborator

Needs more research and clarification. The CNA partner list does not include the sources clearly, and the hardcoded list in the script is missing some of the names, like ossindex, retire.js, npm, etc.

@sahibamittal sahibamittal removed their assignment Jun 20, 2024
@nscuro nscuro added size/L High effort and removed size/M Medium effort labels Jun 20, 2024