Migrate vulnerability database to its own repo
As many suggested, we should move the vulnerability database (core + ecosystem) to its own repo. Security Advisories repository: https://github.com/nodejs/security-advisories
Repository Structure
Suggested repo structure would be:

    package.json
    README.md
    core
        README.md
        ...json
    npm
        README.md
        ...json
Open Questions
- should we also build and push an npm package with the vuln db?
- should we change the current identifier (the nswg-eco / nswg-core) that is based on the running ids? if so, to what?
Action Items
- transform the existing format to the new structure
- announce the change via Twitter and official channels (we can contact Zibby Keaton)
- announce the change via the official Node.js website by PRing an announcement there
- an on/off switch for the vuln db in the current sec wg repo to be able to revert changes as needed (we can change the name of the directory or have a commit that removes the vuln_db directory, and later revert the commit if needed to restore immediately)
- make sure we sync data between this repo and the vuln repo during the announce phase so consumers can already start playing around with it.
So I have started to work on that. Please check PR https://github.com/nodejs/security-advisories/pull/2 . The result of the script is in PR https://github.com/nodejs/security-advisories/pull/3
Also, please take a look at the other repo’s roadmap https://github.com/nodejs/security-advisories/issues/4
can’t wait for that API already 😉