[Buildroot] [PATCH 0/7] Add PURL support

Thomas Perale thomas.perale at mind.be
Wed Apr 16 20:06:17 UTC 2025


Hello Thomas,

DependencyTrack uses NVD annotation unfortunately.

Regards,
Thomas

On 4/16/25 9:58 PM, Thomas Petazzoni wrote:
> Hello Thomas,
>
> On Wed, 16 Apr 2025 21:50:48 +0200
> Thomas Perale <thomas.perale at essensium.com> wrote:
>
>> The second advantage I see is that OSSIndex (that works with PURL) seems
>> to have a better matching of the CVE with packages. For instance
>> https://nvd.nist.gov/vuln/detail/CVE-2025-27556 is not reported for the
>> Django package and not associated to any version.
> That's because it has not been annotated by NVD. However
> https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/27xxx/CVE-2025-27556.json
> does have it annotated, and associated to
> "cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*".
>
> Best regards,
>
> Thomas

