更新: 103 个文件 - 2026-03-18 19:24:37
这个提交包含在:
hao
@@ -88,12 +88,12 @@
|
||||
<div class="meta">工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。</div>
|
||||
<pre># Source Catalog Audit
|
||||
|
||||
- generated_at: `2026-03-18T21:16:34+00:00`
|
||||
- generated_at: `2026-03-19T02:22:09+00:00`
|
||||
- systems: `62`
|
||||
- sources: `161`
|
||||
- active_sources: `125`
|
||||
- retired_sources: `36`
|
||||
- systems_with_active_official: `62/62`
|
||||
- sources: `173`
|
||||
- active_sources: `118`
|
||||
- retired_sources: `55`
|
||||
- systems_with_active_official: `61/62`
|
||||
- systems_with_machine_readable_source: `62/62`
|
||||
|
||||
## Retired Sources
|
||||
@@ -106,34 +106,53 @@
|
||||
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
- `django` `Django Security RSS` -> replacements: `Django Security Weblog, Django Security Releases Archive` | reason: Official security tag feed became unstable; use official weblog index and release archive instead.
|
||||
- `drupal` `Drupal Security Advisories Site` -> replacements: `Drupal Security Advisories RSS, GHSA Drupal Core` | reason: Drupal security index page became unstable for repeated HTML scraping; RSS + GHSA replacement is used for active monitoring.
|
||||
- `drupal` `GHSA Drupal Core` -> replacements: `Drupal Security Advisories RSS, NVD Drupal` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; RSS and NVD remain active replacements.
|
||||
- `drupal` `NVD Drupal` -> replacements: `Drupal Security Advisories RSS, OSV Drupal` | reason: OSV Drupal + Drupal official RSS now cover machine-readable collection with lower cold-start latency than NVD public search.
|
||||
- `esbuild` `GitHub Global Advisories` -> replacements: `OSV esbuild` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV esbuild remains the active replacement source.
|
||||
- `esbuild` `NVD esbuild` -> replacements: `OSV esbuild` | reason: OSV esbuild replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `express` `GitHub Global Advisories` -> replacements: `OSV Express` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Express remains the active replacement source.
|
||||
- `express` `NVD Express.js` -> replacements: `OSV Express` | reason: OSV Express replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
- `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
|
||||
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
- `joomla` `NVD Joomla` -> replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
|
||||
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
- `mediawiki` `NVD MediaWiki` -> replacements: `MediaWiki Announce RSS, OSV MediaWiki` | reason: MediaWiki announce RSS plus OSV MediaWiki now replace NVD for lower-latency machine-readable collection.
|
||||
- `moodle` `Moodle Security News` -> replacements: `NVD Moodle` | reason: Security page is reachable with a browser-style UA, but the current markup only exposes generic "Discuss this topic" anchors to the collector; NVD Moodle remains the active replacement source until a richer parser is added.
|
||||
- `moodle` `NVD Moodle` -> replacements: `OSV Moodle` | reason: OSV Moodle replaces NVD for machine-readable collection while official Moodle sources remain for cross-checking.
|
||||
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
- `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
- `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
|
||||
- `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
|
||||
- `phpmyadmin` `NVD phpMyAdmin` -> replacements: `phpMyAdmin Security Page, OSV phpMyAdmin` | reason: OSV phpMyAdmin replaces NVD for machine-readable collection while the official security page remains active.
|
||||
- `prestashop` `NVD PrestaShop` -> replacements: `PrestaShop Security Page, GitHub PrestaShop Advisories, OSV PrestaShop` | reason: OSV PrestaShop replaces NVD for machine-readable collection while official and ecosystem advisories remain active.
|
||||
- `rails` `GitHub Global Advisories` -> replacements: `OSV Rails` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Rails remains the active machine-readable source.
|
||||
- `rails` `NVD Ruby on Rails` -> replacements: `OSV Rails` | reason: OSV Rails replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `react` `GitHub Global Advisories` -> replacements: `GitHub React Advisories, OSV React` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub React Advisories and OSV React remain active replacements.
|
||||
- `redmine` `NVD Redmine` -> replacements: `Redmine Security Advisories` | reason: Official Redmine advisories page remains active and NVD public search is retired to reduce cold-start latency.
|
||||
- `saleor` `NVD Saleor` -> replacements: `GitHub Saleor Advisories, OSV Saleor` | reason: OSV Saleor replaces NVD for machine-readable collection and aligns with the published PyPI package.
|
||||
- `shopware` `NVD Shopware` -> replacements: `Shopware Security Advisories, OSV Shopware` | reason: OSV Shopware replaces NVD for machine-readable collection with lower cold-start overhead.
|
||||
- `spring-boot` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Boot` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
|
||||
- `spring-framework` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Framework` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Spring official page and OSV remain the active replacements.
|
||||
- `spring-security` `GitHub Global Advisories` -> replacements: `Spring Security Advisories, OSV Spring Security` | reason: Unauthenticated GitHub advisory API is quota-limited; Spring official page and OSV remain the active replacements.
|
||||
- `sveltekit` `GitHub Global Advisories` -> replacements: `OSV SvelteKit` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV SvelteKit remains the active replacement source.
|
||||
- `symfony` `GitHub Global Advisories` -> replacements: `OSV Symfony` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Symfony remains the active machine-readable source.
|
||||
- `undici` `GitHub Global Advisories` -> replacements: `OSV Undici` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Undici remains the active replacement source.
|
||||
- `undici` `NVD Undici` -> replacements: `OSV Undici` | reason: OSV Undici replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `vite` `GitHub Global Advisories` -> replacements: `Vite Security, OSV Vite` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vite Security and OSV Vite remain active replacements.
|
||||
- `vue` `GitHub Global Advisories` -> replacements: `Vue Security, OSV Vue` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Vue Security and OSV Vue remain active replacements.
|
||||
- `webpack` `GitHub Global Advisories` -> replacements: `OSV webpack` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV webpack remains the active replacement source.
|
||||
- `webpack` `NVD webpack` -> replacements: `OSV webpack` | reason: OSV webpack replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `werkzeug` `GitHub Global Advisories` -> replacements: `OSV Werkzeug` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Werkzeug remains the active machine-readable source.
|
||||
- `woocommerce` `NVD WooCommerce` -> replacements: `Woo Developer Advisories, GitHub WooCommerce Advisories, OSV WooCommerce` | reason: OSV WooCommerce replaces NVD for machine-readable collection while official and ecosystem advisory pages remain active.
|
||||
- `wordpress` `NVD WordPress` -> replacements: `WordPress Security News RSS, Wordfence Vulnerability Database, WPScan Vulnerability Database` | reason: WordPress official RSS plus ecosystem plugin intelligence cover active collection with lower cold-start latency and lower public-search dependence than NVD.
|
||||
</pre>
|
||||
</div>
|
||||
</main>
|
||||
|
||||
在新工单中引用
屏蔽一个用户