UPDATE CVE module to use NVD API instead of JSON feed
heryxpc opened this issue · comments
Hector Eryx Paredes Camacho commented
Feature request template
Title: UPDATE CVE module to use NVD API instead of JSON feed
Description:
NIST National Vulnerability Database will deprecate all data feeds in favor of their CVE API in December 15th 2023.
The CVE import module currently uses JSON 1.1 Vulnerability Feed at
cartography/cartography/intel/cve/feed.py
Line 32 in 62c1841
Using the new API would involve a new approach to perform incremental updates based on their API guidance, like:
- Use an API key from nvd.nist.org/developers/request-an-api-key if provided
- Avoid rate limit controls of 5 requests in a span of 30 seconds
- Run a single initial ingest
- Perform incremental updates based on the latest updatetag to from syncmetadata
[ Relevant Links:]
- https://nvd.nist.gov/vuln/data-feeds - announcing deprecation date
- https://nvd.nist.gov/developers/vulnerabilities - API docs
- https://nvd.nist.gov/developers/start-here# - API best practices
[Additional context:]
CVE ingestion is used for both Semgrep and Crowdstrke Spotlight ingestion.