Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CNA information difficult to obtain without scraping and parsing all CVEs #69

Open
nisamson opened this issue Sep 6, 2024 · 6 comments
Open

CNA information difficult to obtain without scraping and parsing all CVEs #69

nisamson opened this issue Sep 6, 2024 · 6 comments

Comments

@nisamson
Copy link

nisamson commented Sep 6, 2024
edited
Loading

There is a mapping between some GUIDs and CNAs that exists in the providerMetadata fields, e.g.

"providerMetadata": {
  "dateUpdated": "2022-07-03T22:16:27",
  "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
  "shortName": "ibm"
}

However, there doesn't appear to be a way to gather a mapping of these organizational IDs or a clear way to get additional information about them, e.g. a contact email or a longer form name. It would be very useful to have a dictionary of this information for correlation with some downstream consumers of the CVE.org data like NIST NVD who are currently just using the UUID when they publish their information.

Additionally, even though it is public, there is no way of programmatically obtaining the contact information for or the name of a CNA even though this information is public without scraping the CVE.org website (if there is, please correct me; I can't find any indication of such an offering existing).
@jgamblin
Copy link

jgamblin commented Sep 7, 2024

@nisamson,

It is not an "officially supported" method, but I use the JSON from the GitHub repo for this information to stop from having to scrape the site: https://raw.githubusercontent.com/CVEProject/cve-website/main/src/assets/data/CNAsList.json

The JSON has not been updated to include the orgID but I opened a request on the website repo to see if it is possible to add that. CVEProject/cve-website#2907

@M-nj
Copy link
Collaborator

M-nj commented Sep 10, 2024

See this for a mapping of Org ID to CNA full names.
https://www.cve.org/cve-partner-name-map.json

@jgamblin
Copy link

@M-nj Thank you so much! That is so helpful!

@jgamblin
Copy link

@M-nj this file is now empty? It was populated this morning.

@M-nj
Copy link
Collaborator

M-nj commented Sep 16, 2024

@M-nj this file is now empty? It was populated this morning.

This has been a known issue for that file, however it may have been patched as of Sept 11th, 2024. Please see CVEProject/cve-website#1996 (comment). If this issue persists, feel free to contribute to that issue.

@mprpic
Copy link

mprpic commented Oct 8, 2024

This is essentially a duplicate of CVEProject/automation-working-group#133. Please add specific use cases that would be met if this data were to be published in official form (instead of a set of unofficial website assets). Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mprpic @nisamson @jgamblin @M-nj