Documentation ¶
Overview ¶
Package nvd provides a vulnerability source backed by the NIST NVD API.
Index ¶
- Constants
- type Option
- type Source
- func (s *Source) Get(ctx context.Context, id string) (*vulns.Vulnerability, error)
- func (s *Source) Name() string
- func (s *Source) Query(ctx context.Context, p *purl.PURL) ([]vulns.Vulnerability, error)
- func (s *Source) QueryBatch(ctx context.Context, purls []*purl.PURL) ([][]vulns.Vulnerability, error)
Constants ¶
const (
	DefaultAPIURL  = "https://services.nvd.nist.gov/rest/json/cves/2.0"
	DefaultTimeout = 30 * time.Second
)
Types ¶
type Option ¶
type Option func(*Source)
Option configures a Source.
func WithAPIKey ¶
WithAPIKey sets the NVD API key. Optional but recommended to avoid rate limits. Without a key: 5 requests per 30 seconds. With a key: 50 requests per 30 seconds.
func WithHTTPClient ¶
WithHTTPClient sets a custom HTTP client.
type Source ¶
type Source struct {
// contains filtered or unexported fields
}
Source implements vulns.Source using the NVD API. Note: NVD is CVE-focused and queries by CPE, not package name directly. PURL-to-CPE mapping is approximate.
func (*Source) Query ¶
Query returns vulnerabilities affecting the package identified by the PURL. NVD uses CPE for matching, so this converts the PURL to a CPE search.
func (*Source) QueryBatch ¶
func (s *Source) QueryBatch(ctx context.Context, purls []*purl.PURL) ([][]vulns.Vulnerability, error)
QueryBatch queries multiple packages. NVD doesn't have a batch API, so this makes individual requests with rate limiting.
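The following is an added example, not code from this package: a rolling-window limiter that uses the limits documented for WithAPIKey to estimate how long a QueryBatch-style loop over n packages has to take, which is useful when sizing the context deadline for a scan. The names Limiter, Reserve and BatchDuration are hypothetical, and the example assumes the limit is counted over a rolling 30-second window and that requests have zero network latency.

```go
package main

import (
	"fmt"
	"time"
)

const (
	window       = 30 * time.Second
	limitNoKey   = 5  // requests per window without an API key (WithAPIKey doc)
	limitWithKey = 50 // requests per window with an API key (WithAPIKey doc)
)

// Limiter (hypothetical name) allows at most limit request starts in any
// rolling window. Assumption: NVD counts requests over a rolling window.
type Limiter struct {
	limit int
	sent  []time.Time // scheduled start times, oldest first
}

// Reserve books one request and returns how long to wait after now.
func (l *Limiter) Reserve(now time.Time) time.Duration {
	for len(l.sent) > 0 && now.Sub(l.sent[0]) >= window {
		l.sent = l.sent[1:] // aged out of the window
	}
	var wait time.Duration
	if len(l.sent) >= l.limit {
		// A slot opens when the limit-th most recent start ages out.
		wait = l.sent[len(l.sent)-l.limit].Add(window).Sub(now)
	}
	l.sent = append(l.sent, now.Add(wait))
	return wait
}

// BatchDuration simulates n sequential requests with zero network latency
// (constructed assumption) and returns when the last one may start.
func BatchDuration(n, limit int) time.Duration {
	l := &Limiter{limit: limit}
	now := time.Unix(0, 0)
	for i := 0; i < n; i++ {
		now = now.Add(l.Reserve(now))
	}
	return now.Sub(time.Unix(0, 0))
}

func main() {
	// A constructed 200-package batch: without a key, then with one.
	fmt.Println(BatchDuration(200, limitNoKey), BatchDuration(200, limitWithKey))
}
```

A context deadline shorter than the estimate for the unauthenticated case will cancel a large batch before it completes, so results from such a run should not be read as "no vulnerabilities found" for the packages that were never queried.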