Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CISA KEV provider #774

Merged
merged 1 commit into from
Feb 21, 2025
Merged

Add CISA KEV provider #774

merged 1 commit into from
Feb 21, 2025
+455 −0

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Feb 19, 2025
edited
Loading

This adds known exploited indications for CVEs from the CISA KEV dataset . This can later be utilized in grype/grype-db to decorate vulnerability matches.

Partially addresses #632
Partially addresses anchore/grype#1511

@wagoodman
add key provider
50f95fd 
Signed-off-by: Alex Goodman <[email protected]>
@wagoodman wagoodman requested a review from a team February 19, 2025 22:47
@wagoodman wagoodman marked this pull request as ready for review February 20, 2025 13:41
@wagoodman wagoodman self-assigned this Feb 20, 2025
@wagoodman wagoodman added the enhancement New feature or request label Feb 20, 2025
@wagoodman wagoodman linked an issue Feb 20, 2025 that may be closed by this pull request
add exploit \ epss for cves #632
Closed
willmurphyscode
willmurphyscode reviewed Feb 21, 2025
View reviewed changes
tests/unit/providers/kev/test-fixtures/snapshots/valid-catalog-1/kev:cve-2025-0108.json
"dateAdded": "2025-02-18",
"dueDate": "2025-03-11",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I doubt this is really our doing, but I noticed that the notes field sometimes has / escaped like \/ and sometimes doesn't. Any idea why?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

believe it or not the JSON spec allows for slashes to be escaped, but it is not required. I have no idea why they decided to do this. I also don't know why they don't have a url array instead of essentially a comment field with ; delimited URLs.

@wagoodman wagoodman merged commit 118efe5 into main Feb 21, 2025
13 checks passed
@wagoodman wagoodman deleted the add-kev-provider branch February 21, 2025 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willmurphyscode willmurphyscode willmurphyscode approved these changes

Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

add exploit \ epss for cves
2 participants
@wagoodman @willmurphyscode