nvd-cve-osv

command

v0.0.0-...-d9869f8 Latest Latest Go to latest Published: May 22, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/osv

Links

Open Source Insights

README ¶

Converting NVD CVEs for open source software to OSV

Further context at Introducing broad C/C++ vulnerability management support

See run_cve_to_osv_generation.sh for how this is invoked in Production.

To see it in action on a single CVE:

CVE=CVE-2024-3094

git clone --recurse-submodules https://github.com/google/osv.dev

cd osv.dev/vulnfeeds

mkdir /tmp/nvd /tmp/nvd2osv

(cd test_data && ./download_specific_cves $CVE)
mv test_data/nvdcve-2.0/${CVE}.json /tmp/nvd
gcloud storage cp "gs://osv-test-cve-osv-conversion/cpe_repos/cpe_product_to_repo.json" "/tmp"

go run cmd/nvd-cve-osv/main.go \
    --cpe_repos "/tmp/cpe_product_to_repo.json" \
    --nvd_json "/tmp/nvd/${CVE}.json" \
    --out_dir "/tmp/nvd2osv"

cat /tmp/nvd2osv/*/*/${CVE}.json

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL