Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using the information from cisa in grype #1511

Open
tomerse-sg opened this issue Sep 21, 2023 · 4 comments
Open

Using the information from cisa in grype #1511

tomerse-sg opened this issue Sep 21, 2023 · 4 comments
Labels
database Relating to the grype DB asset enhancement New feature or request
Milestone
DB v6

Comments

@tomerse-sg
Copy link

What would you like to be added:
CISA provided information regarding if vulnerabilities were exploit.
it will be helpful to present or use this kind of information in grype. I saw we already sync this kind of information from NVD.
link - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Why is this needed:

  • prioritize vulnerabilities which were already exploit
  • more data about known vulnerabilities
    Additional context:
@tomerse-sg tomerse-sg added the enhancement New feature or request label Sep 21, 2023
@tomerse-sg
Copy link
Author

is it possible to add it to the grype-db schema change that is planned in the future?
it can be a cool enrichment

@alonmaor
Copy link

alonmaor commented Jul 1, 2024

this would be great a enrichment for the existing vulnerabilities
any update on this?

@tomerse-sg
Copy link
Author

can be relevant for here? anchore/grype-db#108

@wagoodman wagoodman added this to the DB v6 milestone Aug 7, 2024
@wagoodman
Copy link
Contributor

Indeed it will be part of the DB v6 work, which is currently being designed (and this feature is already be incorporated from a schema perspective) 🎉 What will need to happen after the schema lands is to update vunnel/grype-db to slurp in the data and populate it into the DB.

@wagoodman wagoodman added the database Relating to the grype DB asset label Aug 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
database Relating to the grype DB asset enhancement New feature or request
Projects
OSS
Status: Ready
Milestone
DB v6
Development

No branches or pull requests
3 participants
@wagoodman @alonmaor @tomerse-sg