You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
3. Download the CPE dictionary & populate the database with `python3 ./bin/import.py` (the NVD JSON importer now uses parallel workers by default; tune with `--workers` and `--batch-size` if needed).
27
-
4. Take a cup of black or green tea ().
28
-
5.`python3 ./bin/server.py` to run the local HTTP server.
27
+
4. Optionally enrich the vendor/product ranking with CVE v5 data using `python3 ./bin/import_cvelistv5.py`. This downloads `./data/cvelistv5.ndjson` only when missing unless you pass `--download`.
28
+
5. Take a cup of black or green tea ().
29
+
6.`python3 ./bin/server.py` to run the local HTTP server.
29
30
30
31
If you don't want to install it locally, there is a public online version. Check below.
31
32
@@ -201,10 +202,16 @@ Split vendor name and product name (such as `_`) into single word(s) and then ca
201
202
the cpe vendor:product format as value and the canonized word as key. Then cpe guesser creates a ranked set with the most common
202
203
cpe (vendor:product) per version to give a probability of the CPE appearance.
203
204
205
+
You can also build the ranking directly from the CVE v5 NDJSON dump. The importer scans the full record recursively so it can pick up
206
+
CPE values from both affected-product metadata and vulnerable configuration blocks, then increments the `rank:cpe` and
207
+
`rank:vendor_product` sorted sets using the normalized `cpe:2.3:<part>:<vendor>:<product>` tuple.
208
+
204
209
### Valkey structure
205
210
206
211
-`w:<word>` set
207
212
-`s:<word>` sorted set with a score depending of the number of appearance
213
+
-`rank:cpe` sorted set of common `vendor:product` tuples
214
+
-`rank:vendor_product` alias sorted set of the same tuple ranking, populated by both importers
0 commit comments