I am currently drafting a rough RFC for centralizing DT's vulnerability database, similar to what Grype and Trivy are doing. One of the goals is to make additions to supported databases easier. As long as China's database is public and doesn't end up getting geoblocked, I don't see a reason why we wouldn't want to support it.
Apparently China is starting to enforce checking of product SBOMs against the CNNVD (https://en.wikipedia.org/wiki/Chinese_National_Vulnerability_Database) - a quick look at what they are doing on their webpage shows JSON data and CVE-Alias Data (but not for all - some only get a CNNVD ID).
What's the general consensus on adding direct support for such data sources next to e.g. the NVD?