Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New plugin for CVE Services API #427

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

New plugin for CVE Services API #427

wants to merge 1 commit into from

Conversation

ppaeps
Copy link

@ppaeps ppaeps commented Feb 13, 2024

Overview

The CVE Services API allows CVE Numbering Authorities (CNAs) to reserve, publish, and manage CVE IDs. This plugin sets the environment variables required to use the reference cvelib implementation of the API.

See also:
https://www.cve.org/AllResources/CveServices
https://github.com/RedHatProductSecurity/cvelib
https://vulnogram.github.io/cve5/#cvePortal

Type of change

  • Created a new plugin
  • Improved an existing plugin
  • Fixed a bug in an existing plugin
  • Improved contributor utilities or experience

How To Test

The CVE Services API can only be used by CNAs. Assuming you are a CNA (or a CNA can provide you with a test user), you can test authentication with cve ping.

Changelog

New CLI plugin for the CVE Services API.

@ppaeps ppaeps force-pushed the pp-add-cvelib branch 2 times, most recently from 09d673b to 40147f9 Compare April 9, 2024 04:18
@github-actions GitHub Actions
Copy link
Contributor

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

  1. Generate a GPG key
  2. Add the GPG key to your GitHub account
  3. Configure git to use your GPG key for commit signing
Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

  1. Generate an SSH key and add it to ssh-agent
  2. Add the SSH key to your GitHub account
  3. Configure git to use your SSH key for commit signing
Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

Watch the demo

@ppaeps
plugins/cvelib: new plugin for CVE Services API
66895fb 
The CVE Services API allows CVE Numbering Authorities (CNAs) to reserve,
publish, and manage CVE IDs.  This plugin sets the environment variables
required to use the reference cvelib implementation of the API.

See also: https://www.cve.org/AllResources/CveServices
          https://github.com/RedHatProductSecurity/cvelib
          https://vulnogram.github.io/cve5/#cvePortal
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ppaeps