
Support National Vulnerability Database (NVD)

Open fraxken opened this issue 2 years ago • 4 comments

Add a new strategy to support NVD: https://nvd.nist.gov/

The API has a rate limit, but an API key can be requested here

Maybe we need to somehow think about how to design this given API (we can take inspiration from nodejs-dependency-vuln-assessments)

fraxken avatar Sep 04 '23 20:09 fraxken

Hi @fraxken and @PierreDemailly. I'd like to make sure that I haven't misinterpreted this issue. Its purpose is to call the NIST vulnerability API for each package in the current project in order to detect any known vulnerabilities in them? Below, I present my attempted approach to this subject.

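// The NVD API key goes in the "apiKey" header; NVD_API_KEY is an assumed environment variable name.
const headers = process.env.NVD_API_KEY ? { apiKey: process.env.NVD_API_KEY } : {};

async function getVulnerability(dependency) {
    // Encode the name: scoped packages contain "@" and "/".
    const response = await fetch(
        `https://services.nvd.nist.gov/rest/json/cves/2.0?keywordSearch=${encodeURIComponent(dependency)}`, { headers });
    if (!response.ok) {
        throw new Error(`NVD request failed: HTTP ${response.status}`);
    }
    return response.json();
}

const vulnerability = await getVulnerability("@nodesecure/i18n");

console.log(vulnerability);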

fabnguess avatar Dec 04 '23 19:12 fabnguess
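
The pieces an NVD strategy needs around the raw fetch discussed above, as an added example that is not part of the thread or of the NodeSecure code base: an encoded request, a sliding-window limiter for the rate limit mentioned in the issue, and normalization of an NVD 2.0 response. The function names and the sample response are assumptions; the limiter's window is a parameter, to be set from the limits NVD publishes.

```javascript
// Added example, not NodeSecure code. Function names and sample data are
// assumptions made for illustration.
const NVD_CVE_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0";

// Build the request. URLSearchParams percent-encodes "@" and "/" so a scoped
// package name cannot alter the query string.
function buildRequest(keyword, apiKey) {
  const url = new URL(NVD_CVE_URL);
  url.searchParams.set("keywordSearch", keyword);
  return { url: url.toString(), headers: apiKey ? { apiKey } : {} };
}

// Sliding-window limiter. delayFor(now) returns 0 and records the request
// when a slot is free, otherwise the milliseconds to wait before retrying.
function createLimiter(maxRequests, windowMs) {
  const sent = [];
  return function delayFor(now) {
    while (sent.length > 0 && now - sent[0] >= windowMs) sent.shift();
    if (sent.length < maxRequests) {
      sent.push(now);
      return 0;
    }
    return sent[0] + windowMs - now;
  };
}

// Reduce an NVD 2.0 response body to the fields a strategy would report.
// Records without a CVSS v3.1 metric are kept and marked UNKNOWN.
function normalize(body) {
  return (body.vulnerabilities ?? []).map(({ cve }) => {
    const cvss = cve.metrics?.cvssMetricV31?.[0]?.cvssData;
    return {
      id: cve.id,
      summary: cve.descriptions?.find((d) => d.lang === "en")?.value ?? "",
      severity: cvss?.baseSeverity ?? "UNKNOWN",
      score: cvss?.baseScore ?? null
    };
  });
}

// Constructed sample response: placeholder ids, not real NVD records.
const SAMPLE = { vulnerabilities: [
  { cve: { id: "CVE-0000-00001",
    descriptions: [{ lang: "es", value: "ejemplo" }, { lang: "en", value: "example flaw" }],
    metrics: { cvssMetricV31: [{ cvssData: { baseScore: 7.5, baseSeverity: "HIGH" } }] } } },
  { cve: { id: "CVE-0000-00002", descriptions: [], metrics: {} } }
] };
```
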

@fabnguess I think you need to wait until I finish my own PR

fraxken avatar Dec 04 '23 20:12 fraxken

noted

fabnguess avatar Dec 04 '23 20:12 fabnguess

We need to work on standalone API before dealing with that task (see #226)

fraxken avatar Jan 26 '24 21:01 fraxken