vulnerability-lookup
diff --git a/‎static/documentation/_sources/feeds.md‎
Lines changed: 104 additions & 80 deletions b/‎static/documentation/_sources/feeds.md‎
Lines changed: 104 additions & 80 deletions
diff --git a/‎static/documentation/_sources/index.md‎
Lines changed: 1 addition & 1 deletion b/‎static/documentation/_sources/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎static/documentation/access-patterns.html‎
Lines changed: 2 additions & 2 deletions b/‎static/documentation/access-patterns.html‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎static/documentation/api-v1.html‎
Lines changed: 4 additions & 4 deletions b/‎static/documentation/api-v1.html‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎static/documentation/architecture.html‎
Lines changed: 2 additions & 2 deletions b/‎static/documentation/architecture.html‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎static/documentation/command-line-interface.html‎
Lines changed: 2 additions & 2 deletions b/‎static/documentation/command-line-interface.html‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎static/documentation/contributing.html‎
Lines changed: 2 additions & 2 deletions b/‎static/documentation/contributing.html‎
Lines changed: 2 additions & 2 deletions
@@ -1,132 +1,156 @@
-# Feed syndication
-
-## Available feeds
-
-| Endpoint | Methods | Rule | Comment |
-|----------|---------|------|---------|
-| bundles_bp.feed_bundles | GET | /bundles/feed.\<string:format\>[?user=\<login\>] | Recent bundles. |
-| comments_bp.feed_comments | GET | /comments/feed.\<string:format\>[?user=\<login\>] | Recent comments. |
-| user_bp.feed_activity | GET | /user/\<string:login\>.\<string:format\> | Recent user activity. |
-| home_bp.feed_recent | GET | /recent/\<string:source\>.\<string:format\>[?vulnerability=\<vuln-id\>][?vendor=\<vendor-id\>] | Recent vulnerabilities per source or for all sources. Argument `vulnerability` is used to generate a feed of linked vulnerabilities. Argument `vendor` is used to generate a feed of vulnerabilities for the specified vendor. |
-| sightings_bp.feed_sightings | GET | /sightings/feed.\<string:format\> | Recent sightings. |
-| sightings_bp.feed_cpe_search | GET | /sightings/cpesearch/\<string:cpe\>/feed.\<string:format\> | Recent sightings for all vulnerabilities related to a CPE. |
+# Feed syndication (RSS / Atom)
+
+Vulnerability-Lookup exposes RSS and Atom feeds for new vulnerabilities,
+sightings, comments, bundles, and individual user activity. Feeds are
+designed for low-volume, human-facing consumers — RSS readers, chat-room
+bots, alert pipes, dashboards — where a small set of recent items is
+enough.
+
+```{tip}
+Building a mirror, scanner, or other large-scale automated consumer?
+Feeds are not the right tool — paginated history is capped per feed.
+See [Access patterns for automated consumers](access-patterns.md) for
+the canonical sync path (`since=` over the [API](api-v1.md), plus the
+pub/sub stream where the operator enables it).
+```
 
-The value of `format` can be `rss` or `atom`.
+## Available endpoints
 
-The value of `source` can be `all` or any of the individual source identifiers configured in your instance.
+| Path | Purpose |
+| --- | --- |
+| `/recent/{source}.{format}` | Recent vulnerabilities, per source or across all sources. Optional `?vendor={vendor-id}` filters by vendor; optional `?vulnerability={vuln-id}` returns vulnerabilities linked to the given one. |
+| `/sightings/feed.{format}` | Recent sightings (across all vulnerabilities). Optional `?vulnerability={vuln-id}` narrows to a single vulnerability. |
+| `/sightings/cpesearch/{cpe}/feed.{format}` | Recent sightings for any vulnerability affecting the given CPE. |
+| `/comments/feed.{format}` | Recent comments. Optional `?user={login}` narrows to one author. |
+| `/bundles/feed.{format}` | Recent bundles. Optional `?user={login}` narrows to one author. |
+| `/user/{login}.{format}` | Recent activity (sightings, comments, bundles) for a given user. |
 
-Default sources include:
+### `{format}`
 
-**Core:**
-"cvelistv5", "nvd", "fkie_nvd", "github", "pysec", "gsd", "vulnrichment"
+Either `rss` or `atom`. Both contain the same items; pick whichever your
+reader prefers.
 
-**Community & National databases:**
-"jvndb", "cnvd", "fstec", "variot", "tailscale", "bitnami_vulndb", "cleanstart", "drupal",
-"ossf_malicious_packages", "emb3d"
+### `{source}`
 
-**CERT-FR:**
-"certfr_avis", "certfr_alerte"
+Either `all`, or any source identifier configured on this instance. The
+authoritative list for a given deployment is exposed on `/about` and on
+[https://www.vulnerability-lookup.org/sources](https://www.vulnerability-lookup.org/sources).
+Common identifiers shipped by default include:
 
-**CSAF providers:**
-"csaf_abb", "csaf_certbund", "csaf_cisa", "csaf_cisco", "csaf_microsoft", "csaf_ncscnl",
-"csaf_nozominetworks", "csaf_opensuse", "csaf_ox", "csaf_redhat", "csaf_se", "csaf_sick",
-"csaf_siemens", "csaf_suse", "csaf_trustsource"
+- **Core:** `cvelistv5`, `nvd`, `fkie_nvd`, `github`, `pysec`, `gsd`, `vulnrichment`
+- **Community & national databases:** `jvndb`, `cnvd`, `fstec`, `variot`, `tailscale`, `bitnami_vulndb`, `cleanstart`, `drupal`, `ossf_malicious_packages`, `emb3d`
+- **CERT-FR:** `certfr_avis`, `certfr_alerte`
+- **CSAF providers:** `csaf_abb`, `csaf_certbund`, `csaf_cisa`, `csaf_cisco`, `csaf_microsoft`, `csaf_ncscnl`, `csaf_nozominetworks`, `csaf_opensuse`, `csaf_ox`, `csaf_redhat`, `csaf_se`, `csaf_sick`, `csaf_siemens`, `csaf_suse`, `csaf_trustsource`
+- **OSV:** `osv_almalinux`, `osv_haskell`, `osv_ocaml`, `osv_ossfuzz`, `osv_rustsec`
+- **Enrichment:** `cwec`, `capec`
 
-**OSV:**
-"osv_almalinux", "osv_haskell", "osv_ocaml", "osv_ossfuzz", "osv_rustsec"
+### Pagination
 
-**Enrichment:**
-"cwec", "capec"
+Feeds accept `page` and `per_page` query parameters. The default page
+size is set per instance via `FEED_MAX_PER_PAGE` in `config/website.py`.
+Most readers don't paginate, so the default is sized for one page of
+recent items.
 
 ## Examples
 
-### Recent vulnerabilities from all sources
+### Subscribing to recent vulnerabilities
+
+All sources, Atom format:
 
 ```bash
 $ curl https://vulnerability.circl.lu/recent/all.atom
 ```
 
-### Recent vulnerabilities from pysec
+A single source:
 
 ```bash
 $ curl https://vulnerability.circl.lu/recent/pysec.atom
 ```
 
-### Recent vulnerabilities related to a vendor
+### Filtering recent vulnerabilities
+
+By vendor:
 
 ```bash
 $ curl 'https://vulnerability.circl.lu/recent/cvelistv5.atom?vendor=MISP&per_page=2&page=8'
-<?xml version='1.0' encoding='UTF-8'?>
-<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
-<id>https://vulnerability.circl.lu/rss/recent/cvelistv5/2</id>
-<title>Most recent entries from cvelistv5</title>
-<updated>2024-11-26T08:02:41.668408+00:00</updated>
-<author>
-    <name>Vulnerability-Lookup</name>
-    <email>info@circl.lu</email>
-</author>
-<link href="https://vulnerability.circl.lu" rel="alternate"/>
-<generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
-<subtitle>Contains only the most 2 recent entries.</subtitle>
-<entry>
-    <id>https://vulnerability.circl.lu/vuln/cve-2021-37534</id>
-    <title>cve-2021-37534</title>
-    <updated>2024-11-26T08:02:41.670402+00:00</updated>
-    <link href="https://vulnerability.circl.lu/vuln/cve-2021-37534"/>
-</entry>
-<entry>
-    <id>https://vulnerability.circl.lu/vuln/cve-2022-29528</id>
-    <title>cve-2022-29528</title>
-    <updated>2024-11-26T08:02:41.670364+00:00</updated>
-    <link href="https://vulnerability.circl.lu/vuln/cve-2022-29528"/>
-</entry>
-</feed>
 ```
 
-### Recent vulnerabilities linked to the specified vulnerability
+Vulnerabilities linked to a specific vulnerability (e.g. cross-source
+correlation, follow-ups):
 
 ```bash
 $ curl 'https://vulnerability.circl.lu/recent/all.atom?vulnerability=cve-2021-22280'
+```
+
+Sample response:
+
+```xml
 <?xml version='1.0' encoding='UTF-8'?>
 <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
-<id>https://vulnerability.circl.lu/rss/recent/all/10</id>
-<title>Most recent entries from all</title>
-<updated>2024-11-26T08:03:09.000211+00:00</updated>
-<author>
+  <id>https://vulnerability.circl.lu/rss/recent/all/10</id>
+  <title>Most recent entries from all</title>
+  <updated>2024-11-26T08:03:09.000211+00:00</updated>
+  <author>
     <name>Vulnerability-Lookup</name>
     <email>info@circl.lu</email>
-</author>
-<link href="https://vulnerability.circl.lu" rel="alternate"/>
-<generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
-<subtitle>Contains only the most 10 recent entries.</subtitle>
-<entry>
+  </author>
+  <link href="https://vulnerability.circl.lu" rel="alternate"/>
+  <subtitle>Contains only the most 10 recent entries.</subtitle>
+  <entry>
     <id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
     <title>ghsa-x53h-2cjp-mwcx</title>
     <updated>2024-11-26T08:03:09.013675+00:00</updated>
     <link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
-</entry>
-<entry>
-    <id>https://vulnerability.circl.lu/vuln/gsd-2021-22280</id>
-    <title>gsd-2021-22280</title>
-    <updated>2024-11-26T08:03:09.013602+00:00</updated>
-    <link href="https://vulnerability.circl.lu/vuln/gsd-2021-22280"/>
-</entry>
+  </entry>
+  <!-- ... -->
 </feed>
 ```
 
-### Subscribing to the activity related to a vulnerability
+### Subscribing to sightings
 
-The request will return recent observations (sightings) related to a vuln.
+For a specific vulnerability:
 
 ```bash
 $ curl 'https://vulnerability.circl.lu/sightings/feed.atom?vulnerability=CVE-2024-0012'
 ```
 
-### Recent sightings related to a product
+For every vulnerability affecting a product (CPE):
 
 ```bash
 $ curl 'https://vulnerability.circl.lu/sightings/cpesearch/cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*/feed.atom'
 ```
 
-This will return recent sightings related to all CVEs for the specified product (identified by its CPE identifier).
-Sightings are based on information from various trusted sources, including security websites, Exploit-DB.com, GitHub repositories, security blogs, social networks, and MISP.
+Sightings are aggregated from various trusted sources, including security
+websites, Exploit-DB, GitHub repositories, security blogs, social
+networks, and MISP.
+
+### Subscribing to comments, bundles, or user activity
+
+Recent comments across the instance:
+
+```bash
+$ curl https://vulnerability.circl.lu/comments/feed.atom
+```
+
+Comments by a single user:
+
+```bash
+$ curl 'https://vulnerability.circl.lu/comments/feed.atom?user=alice'
+```
+
+Recent activity for a single user (sightings + comments + bundles in one
+feed):
+
+```bash
+$ curl https://vulnerability.circl.lu/user/alice.atom
+```
+
+## See also
+
+- [API v1](api-v1.md) — paginated, programmatic access including
+  `since=`-based incremental sync, cross-source correlation, and the
+  full OpenAPI specification.
+- [Access patterns for automated consumers](access-patterns.md) —
+  authoritative guidance on which surface to use for which use case
+  (feeds vs. API vs. stream vs. bulk dumps), identification etiquette,
+  and rate-limit posture.
@@ -43,7 +43,7 @@ performance-tuning
 ```
 
 ```{toctree}
-:caption: Usage
+:caption: Consuming the data
 :maxdepth: 3
 :hidden:
 
 
@@ -173,9 +173,9 @@
 <li class="toctree-l1"><a class="reference internal" href="logging.html">Logging</a></li>
 <li class="toctree-l1"><a class="reference internal" href="performance-tuning.html">Performance Tuning</a></li>
 </ul>
-<p aria-level="2" class="caption" role="heading"><span class="caption-text">Usage</span></p>
+<p aria-level="2" class="caption" role="heading"><span class="caption-text">Consuming the data</span></p>
 <ul class="current nav bd-sidenav">
-<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication (RSS / Atom)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="api-v1.html">API v1</a></li>
 <li class="toctree-l1 current active"><a class="current reference internal" href="#">Access patterns for automated consumers</a></li>
 </ul>
 
@@ -48,7 +48,7 @@
     <link rel="index" title="Index" href="genindex.html" />
     <link rel="search" title="Search" href="search.html" />
     <link rel="next" title="Access patterns for automated consumers" href="access-patterns.html" />
-    <link rel="prev" title="Feed syndication" href="feeds.html" />
+    <link rel="prev" title="Feed syndication (RSS / Atom)" href="feeds.html" />
   <meta name="viewport" content="width=device-width, initial-scale=1"/>
   <meta name="docsearch:language" content="en"/>
   <meta name="docsearch:version" content="" />
@@ -173,9 +173,9 @@
 <li class="toctree-l1"><a class="reference internal" href="logging.html">Logging</a></li>
 <li class="toctree-l1"><a class="reference internal" href="performance-tuning.html">Performance Tuning</a></li>
 </ul>
-<p aria-level="2" class="caption" role="heading"><span class="caption-text">Usage</span></p>
+<p aria-level="2" class="caption" role="heading"><span class="caption-text">Consuming the data</span></p>
 <ul class="current nav bd-sidenav">
-<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication (RSS / Atom)</a></li>
 <li class="toctree-l1 current active"><a class="current reference internal" href="#">API v1</a></li>
 <li class="toctree-l1"><a class="reference internal" href="access-patterns.html">Access patterns for automated consumers</a></li>
 </ul>
@@ -1847,7 +1847,7 @@ <h3>KEV (Known Exploited Vulnerabilities)<a class="headerlink" href="#kev-known-
       <i class="fa-solid fa-angle-left"></i>
       <div class="prev-next-info">
         <p class="prev-next-subtitle">previous</p>
-        <p class="prev-next-title">Feed syndication</p>
+        <p class="prev-next-title">Feed syndication (RSS / Atom)</p>
       </div>
     </a>
     <a class="right-next"
 
@@ -173,9 +173,9 @@
 <li class="toctree-l1"><a class="reference internal" href="logging.html">Logging</a></li>
 <li class="toctree-l1"><a class="reference internal" href="performance-tuning.html">Performance Tuning</a></li>
 </ul>
-<p aria-level="2" class="caption" role="heading"><span class="caption-text">Usage</span></p>
+<p aria-level="2" class="caption" role="heading"><span class="caption-text">Consuming the data</span></p>
 <ul class="nav bd-sidenav">
-<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication (RSS / Atom)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="api-v1.html">API v1</a></li>
 <li class="toctree-l1"><a class="reference internal" href="access-patterns.html">Access patterns for automated consumers</a></li>
 </ul>
 
@@ -173,9 +173,9 @@
 <li class="toctree-l1"><a class="reference internal" href="logging.html">Logging</a></li>
 <li class="toctree-l1"><a class="reference internal" href="performance-tuning.html">Performance Tuning</a></li>
 </ul>
-<p aria-level="2" class="caption" role="heading"><span class="caption-text">Usage</span></p>
+<p aria-level="2" class="caption" role="heading"><span class="caption-text">Consuming the data</span></p>
 <ul class="nav bd-sidenav">
-<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication (RSS / Atom)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="api-v1.html">API v1</a></li>
 <li class="toctree-l1"><a class="reference internal" href="access-patterns.html">Access patterns for automated consumers</a></li>
 </ul>
 
@@ -172,9 +172,9 @@
 <li class="toctree-l1"><a class="reference internal" href="logging.html">Logging</a></li>
 <li class="toctree-l1"><a class="reference internal" href="performance-tuning.html">Performance Tuning</a></li>
 </ul>
-<p aria-level="2" class="caption" role="heading"><span class="caption-text">Usage</span></p>
+<p aria-level="2" class="caption" role="heading"><span class="caption-text">Consuming the data</span></p>
 <ul class="nav bd-sidenav">
-<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication</a></li>
+<li class="toctree-l1"><a class="reference internal" href="feeds.html">Feed syndication (RSS / Atom)</a></li>
 <li class="toctree-l1"><a class="reference internal" href="api-v1.html">API v1</a></li>
 <li class="toctree-l1"><a class="reference internal" href="access-patterns.html">Access patterns for automated consumers</a></li>
 </ul>