Skip to content

Add Sonatype OSS Index as data source for GHSA database #4924

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
Add Sonatype OSS Index as data source for GHSA database#4924
@davidgiessing

Description

@davidgiessing
davidgiessing
opened on Oct 23, 2024

Similiar to #4843 : Some CVEs are not reported to NVD or are added very late.
We previously used to scan for CVEs only using the NVD database, but a lot of our customers used the OSS index and fairly frequently reported some CVEs back to us that our scan failed to pick up due to it missing in the NVD database. Since then we have changed our CVE scans to use both databases and have not had that issue since.
Since we are now moving our projects to Github and would love to use Dependabot it would be great to not have that issue come back up again.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions