Table of Contents generated with DocToc
tools/cve-org/
Capability: contract:cve-authority
Kind: implementation
Vendor: CVE.org
CVE.org publication client. Submits CVE records via the CVE.org REST API; consumed by security-cve-allocate once a CVE has been allocated via the ASF Vulnogram path. See tool.md for the protocol detail and cve.org field mapping.
Prerequisites
- Runtime: None of its own — this directory documents a read-only adapter; the publication-state check is a
curl+jqone-liner (seetool.md). - CLIs:
curlandjq. - Credentials / auth: None — cve.org is the public CVE registry and the CVE Services API has no auth.
- Network:
cveawg.mitre.org(CVE Services API v2) andwww.cve.org(the HTML record); optionallynvd.nist.govfor the alternative public registry.
Configuration
Adopters select this backend with <project-config>/project.md →
cve_authority.tool: cve-org-direct when they operate directly against
CVE Services rather than an ASF Vulnogram tenant. The adopter-facing
field vocabulary is documented in
projects/_template/cve-allocation-config.md and
projects/_template/security-intake-config.md.