Release 1.5.0
Release 1.5.0 (2024-08-30)
News
- new: Import JVN DB (Japan database of vulnerability countermeasure information).
Closes #67 - new: [commands] The dump command can now dump comments (--comments) and bundles (--bundles).
Closes #65. - new: [website] Is now possible to assign tags related to a comment.
Tags are automatically stored in the meta field of the comment. The default taxonomy used for the tags is defined in the MISP project: https://www.misp-project.org/taxonomies.html#_vulnerability_3
Improvements
- chg: [API] Added a new argument in order to let the user filter comments based on data in the meta JSON field.
- chg: [website] Filtering the list of public comments by their type (in the future with a taxonomy)
- chg: [website] Added references from the NVD meta section in the details view
- chg: [API] Added the possibility to filter bundles with a query on the meta JSONB field via the API.
Fixes
- fix: [website] Ensures that the vulnerability id has been specified by the user.
even when the user is an administrator.
Online version
If you want to test vulnerability-lookup without installing it, you can use the CIRCL public instance https://vulnerability.circl.lu/.
Funding
The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.
vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.