Table of Contents generated with DocToc

tools/cve-org/

Capability: contract:cve-authority

Kind: implementation

Vendor: CVE.org

CVE.org publication client. Submits CVE records via the CVE.org REST API; consumed by security-cve-allocate once a CVE has been allocated via the ASF Vulnogram path. See tool.md for the protocol detail and cve.org field mapping.

Prerequisites

  • Runtime: None of its own — this directory documents a read-only adapter; the publication-state check is a curl + jq one-liner (see tool.md).
  • CLIs: curl and jq.
  • Credentials / auth: None — cve.org is the public CVE registry and the CVE Services API has no auth.
  • Network: cveawg.mitre.org (CVE Services API v2) and www.cve.org (the HTML record); optionally nvd.nist.gov for the alternative public registry.

Configuration

Adopters select this backend with <project-config>/project.mdcve_authority.tool: cve-org-direct when they operate directly against CVE Services rather than an ASF Vulnogram tenant. The adopter-facing field vocabulary is documented in projects/_template/cve-allocation-config.md and projects/_template/security-intake-config.md.

Suggest a change