Collect, analyze and notify vendors of CVEs
The intention of this project is to search for CVEs by vendor.
The vendor can be notified when new CVEs are logged, and when a CVE has no GitHub issue reference among its NVD references (a reference to a GitHub issue indicates the CVE has also been logged as an issue in the project's tracker).
This should help vendor awareness of CVEs, as well as ensure GitHub issues are logged for each CVE.
Consider using this with an API key from NIST; it raises the NVD API rate limit (from 5 to 50 requests per rolling 30-second window), so larger vendors can be fetched without throttling errors.
Set the API key as an environment variable:
export API_KEY="your api key"
Run the script with the vendor name as an argument:
./vendor-cve-checker-json.py tinyproxy
This will build a JSON file named after the vendor (e.g. tinyproxy.json) containing all CVEs for that vendor. The file could be ingested into a SIEM.
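The following is an added example and not the project's vendor-cve-checker-json.py. It shows the steps the tool performs: query the NVD 2.0 API for a vendor (sending the API key in the apiKey header and pausing between pages as NIST recommends), flag CVEs whose references include no GitHub issue link, and write vendorName.json. Assumed, because the page does not specify them: the NVD 2.0 endpoint and its virtualMatchString parameter for vendor matching, the regular expression used to recognise a GitHub issue URL, and the constructed sample records.

```python
"""Added example: vendor CVE fetch, GitHub-issue check and JSON output.
Not the project's own script. Assumptions: NVD 2.0 API, `apiKey` header,
`virtualMatchString` for vendor matching, constructed sample data below."""
import json
import os
import re
import time
import urllib.parse
import urllib.request

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
PAGE_SIZE = 2000  # maximum resultsPerPage accepted by the NVD 2.0 API
# Assumption: a GitHub issue reference looks like https://github.com/<org>/<repo>/issues/<n>
GITHUB_ISSUE_RE = re.compile(r"^https?://github\.com/[^/\s]+/[^/\s]+/issues/\d+", re.I)


def build_request(vendor, start_index=0, api_key=None):
    """URL and headers for one page of CVEs whose CPE vendor field matches.
    Assumption: vendor is the 4th CPE 2.3 field, so the partial match string
    cpe:2.3:*:<vendor> is passed as virtualMatchString."""
    params = {
        "virtualMatchString": f"cpe:2.3:*:{vendor}",
        "resultsPerPage": PAGE_SIZE,
        "startIndex": start_index,
    }
    headers = {}
    if api_key:
        headers["apiKey"] = api_key  # raises the limit from 5 to 50 requests per 30 s
    return f"{NVD_URL}?{urllib.parse.urlencode(params)}", headers


def fetch_page_http(url, headers):
    """Fetch one page over HTTPS and parse the JSON body."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_all(vendor, api_key=None, fetch_page=fetch_page_http):
    """Page through every result for the vendor; returns the list of 'cve' objects.
    Sleeps 6 s between pages, the spacing NIST recommends for NVD API clients."""
    records, start = [], 0
    while True:
        url, headers = build_request(vendor, start, api_key)
        page = fetch_page(url, headers)
        vulns = page.get("vulnerabilities", [])
        records.extend(v["cve"] for v in vulns)
        start += page["resultsPerPage"]
        if start >= page["totalResults"] or not vulns:
            return records
        time.sleep(6)


def github_issue_urls(cve):
    """All reference URLs on the record that point at a GitHub issue."""
    return [r["url"] for r in cve.get("references", []) if GITHUB_ISSUE_RE.match(r.get("url", ""))]


def cves_without_github_issue(cves):
    """IDs of CVEs the vendor should be told about: no GitHub issue referenced."""
    return [c["id"] for c in cves if not github_issue_urls(c)]


def write_vendor_json(vendor, cves, directory="."):
    """Write <vendor>.json (a list of NVD 'cve' objects) and return its path."""
    path = os.path.join(directory, f"{vendor}.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(cves, fh, indent=2)
    return path


# Constructed sample in NVD 2.0 shape (fake IDs, not real NVD data):
# the first record references a GitHub issue, the second does not.
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "published": "2023-05-01T10:00:00.000",
     "references": [{"url": "https://github.com/example/example/issues/42",
                     "source": "example", "tags": ["Issue Tracking"]}]},
    {"id": "CVE-0000-0002", "published": "2024-01-15T10:00:00.000",
     "references": [{"url": "https://example.invalid/advisory", "source": "example"}]},
]
# Constructed single-page API response wrapping the sample records.
SAMPLE_PAGE = {"resultsPerPage": PAGE_SIZE, "startIndex": 0, "totalResults": 2,
               "vulnerabilities": [{"cve": c} for c in SAMPLE_CVES]}

if __name__ == "__main__":
    import sys
    vendor = sys.argv[1] if len(sys.argv) > 1 else "tinyproxy"
    cves = fetch_all(vendor, api_key=os.environ.get("API_KEY"))
    print("wrote", write_vendor_json(vendor, cves))
    for cve_id in cves_without_github_issue(cves):
        print("no GitHub issue referenced:", cve_id)
```

The fetch_page parameter exists so the paging and the issue check can be exercised offline against SAMPLE_PAGE; in real use the script reads API_KEY from the environment exactly as described above.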
Another use is to visualize the CVE scores/severity over time. For that I have created time-series-plotter-tooltip.py.
To run it, pass the JSON file as the argument to the script on the command line.
Example:
./time-series-plotter-tooltip.py tinyproxy.json
The time series plot of severity scores (with tooltip pop-ups showing the CVE number) can get very cramped when a vendor has a high number of CVEs in a year.
The next task is to split the JSON output into one file per year.
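One way to do that split, as an added example that is not part of the project's scripts: group the records in vendorName.json by publication year, write one vendorName-YYYY.json per year, and summarize the CVSS base scores per year so the plot can be drawn one year at a time. It assumes the file holds a list of NVD 2.0 'cve' objects (with a 'published' timestamp and 'metrics'); the sample records below are constructed with fake IDs.

```python
"""Added example: split a vendor CVE JSON file into per-year files.
Not the project's own code. Assumes a list of NVD 2.0 'cve' objects."""
import json
import os
from collections import defaultdict


def base_score(cve):
    """First available CVSS base score, preferring v3.1, then v3.0, then v2.
    Returns None when the record has no metrics yet (e.g. still awaiting analysis),
    so such CVEs are counted but not plotted."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for entry in metrics.get(key, []):
            score = entry.get("cvssData", {}).get("baseScore")
            if score is not None:
                return float(score)
    return None


def split_by_year(cves):
    """Group records by the year of their NVD 'published' timestamp (ISO 8601)."""
    by_year = defaultdict(list)
    for cve in cves:
        by_year[cve["published"][:4]].append(cve)
    return dict(by_year)


def year_summary(cves):
    """Count, number of scored records, and max/mean base score for one year."""
    scores = [s for s in (base_score(c) for c in cves) if s is not None]
    return {
        "count": len(cves),
        "scored": len(scores),
        "max": max(scores) if scores else None,
        "mean": round(sum(scores) / len(scores), 2) if scores else None,
    }


def write_year_files(vendor, cves, directory="."):
    """Write <vendor>-<year>.json for each year present; returns the paths in year order."""
    paths = []
    for year, group in sorted(split_by_year(cves).items()):
        path = os.path.join(directory, f"{vendor}-{year}.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(group, fh, indent=2)
        paths.append(path)
    return paths


# Constructed sample (fake IDs, not real NVD data): two 2023 records, one scored
# only under CVSS v2, and one 2024 record without metrics.
SAMPLE_FILE_CONTENT = [
    {"id": "CVE-0000-0001", "published": "2023-05-01T10:00:00.000",
     "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}},
    {"id": "CVE-0000-0003", "published": "2023-11-20T10:00:00.000",
     "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 5.3}}]}},
    {"id": "CVE-0000-0002", "published": "2024-01-15T10:00:00.000", "metrics": {}},
]

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        with open(path, encoding="utf-8") as fh:
            cves = json.load(fh)
        vendor = os.path.splitext(os.path.basename(path))[0]
    else:
        cves, vendor = SAMPLE_FILE_CONTENT, "sample"
    for year, group in sorted(split_by_year(cves).items()):
        print(year, year_summary(group))
    print("wrote", write_year_files(vendor, cves))
```

Running it on tinyproxy.json produces tinyproxy-2023.json, tinyproxy-2024.json and so on, each of which can be passed to the plotter on its own.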