Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Collect raw data from CISA KEV and other sources and store them in git repo #1643

Closed
keshav-space opened this issue Nov 8, 2024 · 4 comments · Fixed by #1685
Closed

Collect raw data from CISA KEV and other sources and store them in git repo #1643

keshav-space opened this issue Nov 8, 2024 · 4 comments · Fixed by #1685
Labels
Data collection
Milestone
v36.0.0 - 3-next

Comments

@keshav-space
Copy link
Member

Since some sources like CISA KEV restrict/limits access to many cloud service networks. We need to collect these upstream raw data and store it in git repositories. We can use GitHub workflows to collect and store the raw data in git repos.
@keshav-space keshav-space mentioned this issue Nov 8, 2024
Closed
@pombredanne pombredanne added this to the v36.0.0 - 3-next milestone Dec 2, 2024
@pombredanne
Copy link
Member

I reached out to CISA and https://github.com/aboutcode-org/aboutcode-mirror-kev seems to be working again.
The plain https fetch does not work on our servers:

wget https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
--2024-12-02 15:37:43--  https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Resolving www.cisa.gov (www.cisa.gov)... 2a02:26f0:7100:8a8::447a, 2a02:26f0:7100:8b3::447a, 23.67.131.29
Connecting to www.cisa.gov (www.cisa.gov)|2a02:26f0:7100:8a8::447a|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2024-12-02 15:37:43 ERROR 403: Forbidden.

@pombredanne
Copy link
Member

@keshav-space the fix could be as simple as pointing to https://raw.githubusercontent.com/aboutcode-org/aboutcode-mirror-kev/refs/heads/main/known_exploited_vulnerabilities.json instead of the upstream KEV, right?

@pombredanne pombredanne mentioned this issue Dec 2, 2024
Closed
@keshav-space
Copy link
Member Author

the fix could be as simple as pointing to https://raw.githubusercontent.com/aboutcode-org/aboutcode-mirror-kev/refs/heads/main/known_exploited_vulnerabilities.json instead of the upstream KEV, right?

@pombredanne yes

@keshav-space keshav-space mentioned this issue Dec 2, 2024
Merged
@keshav-space keshav-space linked a pull request Dec 2, 2024 that will close this issue
Use AboutCode mirror for collecting CISA KEV #1685
Merged
@amanion-cisa
Copy link

I realize this issue is closed but making sure @todb-cisa knows about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Data collection
Projects
None yet
Milestone
v36.0.0 - 3-next
Development

Successfully merging a pull request may close this issue.

Use AboutCode mirror for collecting CISA KEV aboutcode-org/vulnerablecode
3 participants
@pombredanne @keshav-space @amanion-cisa