Add an API for the ruby-advisory-db #46

Open
postmodern opened this issue Aug 23, 2013 · 6 comments

@postmodern
Member

Add an API for interacting with the database.

  • Searching for advisories by CVE or gem.
  • Testing if a Gem::Version is vulnerable.
  • Downloading and updating a copy of the database.
@ghost ghost assigned postmodern Aug 23, 2013
@reconbot

I'd love to put this in my CI build. Right now Heroku gives some warnings and that isn't enough.

@jasnow
Contributor

jasnow commented May 30, 2023

How would an API work? Can you please provide an example?
Would https://github.com/rubysec/rubysec.github.io be involved?

@postmodern
Member Author

@jasnow I believe this would be a Ruby library for interacting with the ruby-advisory-db, so that other tools could interface with it in the same way that bundler-audit does.

@postmodern
Member Author

Maybe it could have a rudimentary CLI that could update the DB or query a specific advisory or gem-version.

@postmodern
Member Author

We could create a static JSON feed for the website as yet-another-way to get the advisory data. Might be worth creating a separate issue in the website repo.
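
The first two items from the opening post (searching by CVE or gem, testing whether a Gem::Version is vulnerable), sketched as an added example that is not part of the thread and not rubysec or bundler-audit code. The `Advisory` and `AdvisoryIndex` names and the sample records are assumptions; the `gem`, `cve`, `patched_versions` and `unaffected_versions` fields follow the advisory YAML layout of ruby-advisory-db, which the thread itself does not show.

```ruby
require 'yaml'

# Constructed sample data in the ruby-advisory-db YAML field layout.
# Gem names, CVE ids and version ranges are invented for this example.
SAMPLE_DB = YAML.safe_load(<<~YAML)
  - gem: examplegem
    cve: "0000-0001"
    patched_versions: ["~> 1.2.5", ">= 1.3.1"]
    unaffected_versions: ["< 1.0.0"]
  - gem: othergem
    cve: "0000-0002"
    patched_versions: [">= 2.0.0"]
YAML

# Hypothetical names (Advisory, AdvisoryIndex); not a rubysec API.
Advisory = Struct.new(:gem_name, :cve, :patched, :unaffected) do
  def self.from_hash(h)
    reqs = ->(list) { Array(list).map { |r| Gem::Requirement.new(*r.split(', ')) } }
    new(h['gem'], h['cve'], reqs.(h['patched_versions']), reqs.(h['unaffected_versions']))
  end

  # A version is vulnerable unless a patched or unaffected range covers it.
  def vulnerable?(version)
    v = Gem::Version.create(version) # accepts a String or a Gem::Version
    (patched + unaffected).none? { |req| req.satisfied_by?(v) }
  end
end

class AdvisoryIndex
  def initialize(records)
    @advisories = records.map { |h| Advisory.from_hash(h) }
  end

  # Search by CVE id, with or without the "CVE-" prefix.
  def find_by_cve(id)
    bare = id.to_s.sub(/\ACVE-/i, '')
    @advisories.find { |a| a.cve == bare }
  end

  # Search by gem name.
  def for_gem(name)
    @advisories.select { |a| a.gem_name == name }
  end

  # Advisories that apply to this exact gem version.
  def check(name, version)
    for_gem(name).select { |a| a.vulnerable?(version) }
  end
end
```

A CI step built on this would fail the build when `check` returns a non-empty list for any locked gem. Version 1.3.0 of the sample gem is still reported because it falls between the two patched ranges, which is the case a single "fixed in" version field would miss.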
