Locked Opencve v1.2 - CVE Alerting Platform

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

OpenCVE

OpenCVE (formerly known as Saucs) is a platform that alerts you about new vulnerabilities related to the CVE list.

How does it work

OpenCVE uses the JSON feed provided by the NVD to be synchronized.

After an initial import, a background task is regularly executed to check changes in the list. If a new CVE is added, or if a change is detected, the subscribers of the related vendors and products will be alerted.

For now, the only method of notification is the mail, but we plan to add other integrations (webhooks, Slack, Jira, PagerDuty, OpsGenie…).

Changelog v1.2

This release introduces 2 new migrations:

    one to create the cves_tags and users_tags tables,
    the other to add GIN indexes on cves.summary and cves.cve_id columns.

The GIN indexes is part of the pg_trgm module of PostgreSQL. The opencve upgrade-db command will enable it for you, but you can also do it yourself if you prefer (CREATE EXTENSION pg_trgm). From PostgreSQL 13 this module is considered as trusted, meaning it can be installed by non-superusers with the CREATE privilege.

These indexes act on common and widely used columns, so we recommend you to stop the workers (web & celery) during the upgrade.
Added

    Improved search functionality on /cve
    Add GIN indexes on cves.summary and cves.cve_id
    New API Endpoint (user subscriptions)
    Add the tags feature

Fixed

    trim() the text of the ‘Subscribe’ button
    CVE can be filtered by CWE and vendor in the same query
    Default tag color wasn’t correctly handled

This is the hidden content, please

• Sign In
• or
• Sign Up