https://github.com/jeremylong/open-vulnerability-project

Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)
https://github.com/jeremylong/open-vulnerability-project

github-security-advisories java-library nvd-api

Last synced: 3 months ago
JSON representation

Java libraries for working with available vulnerability data sources (GitHub Security Advisories, NVD, EPSS, CISA Known Exploited Vulnerabilities, etc.)

• Host: GitHub
• URL: https://github.com/jeremylong/open-vulnerability-project
• Owner: jeremylong
• License: apache-2.0
• Created: 2022-11-08T12:22:10.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-09-30T15:54:24.000Z (8 months ago)
• Last Synced: 2024-10-13T15:41:25.042Z (7 months ago)
• Topics: github-security-advisories, java-library, nvd-api
• Language: Java
• Homepage:
• Size: 5.83 MB
• Stars: 112
• Watchers: 10
• Forks: 34
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • Contributing: .github/contributing.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE.txt

Awesome Lists containing this project

README

        
# Open Vulnerability Project

The Open Vulnerability Project is a collection of Java libraries and a CLI to work

with various vulnerability data-sources (NVD, GitHub Security Advisories, CISA Known Exploited Vulnerablity Catalog, FIRST Exploit Prediction Scoring System (EPSS), etc.).

- [open-vulnerability-clients](/open-vulnerability-clients) is a collection of clients to retrieve vulnerability data from various data-feeds and APIs.

- [vulnz](/vulnz) a simple CLI that can be used to access the vulnerability sources and persist the data using the open-vulnerability-store.

## Caching the NVD CVE API Data

One of the primary uses of the vulnz CLI is to be able to create a local cache of

the NVD CVE Data from their API. See the [vulnz/README.md](/vulnz/README.md#caching-the-nvd-cve-data)

for instructions on how to create and maintain the local cache.

## Upgrading from vuln-tools

The project started off called vuln-tools and the various APIs were seperated into

standalone JAR files. The project has been renamed to the Open Vulnerability Project.

- All of the client libraries are now in the [open-vulnerability-clients](/open-vulnerability-clients).

- Packages have been renamed/moved:

    - `io.github.jeremylong.ghsa.*` -> `io.github.jeremylong.openvulnerability.client.ghsa.*`

    - `io.github.jeremylong.nvdlib.*` -> 'io.github.jeremylong.openvulnerability.client.nvd.*'

    - `io.github.jeremylong.nvdlib.nvd` -> 'io.github.jeremylong.openvulnerability.client.nvd.*'

- The `NvdCveApi` class has been renamed to `NvdCveClient`.