Retire remaining active NVD sources
这个提交包含在:
hao
@@ -87,7 +87,7 @@
|
||||
<h1>当前架构库镜像</h1>
|
||||
<div class="meta">工作台内置镜像页:当前架构库结构化数据镜像。</div>
|
||||
<pre>{
|
||||
"generated_at": "2026-03-19T02:54:09+00:00",
|
||||
"generated_at": "2026-03-19T03:38:08+00:00",
|
||||
"title": "当前架构库",
|
||||
"summary": "工作台、控制面、数据层、授权边界与系统覆盖的当前真值视图。",
|
||||
"sections": [
|
||||
@@ -137,7 +137,7 @@
|
||||
},
|
||||
{
|
||||
"label": "生成时间",
|
||||
"value": "2026-03-19T02:54:09+00:00"
|
||||
"value": "2026-03-19T03:38:08+00:00"
|
||||
}
|
||||
],
|
||||
"links": [
|
||||
@@ -1303,7 +1303,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 1",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -1337,7 +1337,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "NVD ASP.NET Core"
|
||||
"value": "OSV ASP.NET Core\nNVD ASP.NET Core"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -3789,7 +3789,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 1",
|
||||
"官方源 2",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -3823,7 +3823,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "NVD Adminer"
|
||||
"value": "OSV Adminer\nNVD Adminer"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -3874,7 +3874,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -3908,7 +3908,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "GitLab Security Releases\nNVD GitLab"
|
||||
"value": "GitLab Security Releases\nGitLab Security Releases Atom\nNVD GitLab"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -4129,7 +4129,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -4163,7 +4163,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Jenkins Security Advisories\nNVD Jenkins"
|
||||
"value": "Jenkins Security Advisories\nJenkins Security Advisories RSS\nNVD Jenkins"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -4214,7 +4214,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"近两年全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 0",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -4248,7 +4248,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Elastic Security Announcements\nNVD Kibana"
|
||||
"value": "Elastic Security Announcements\nElastic Security Announcements RSS\nNVD Kibana"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
@@ -5191,7 +5191,7 @@
|
||||
"open": false,
|
||||
"badges": [
|
||||
"历史全量",
|
||||
"官方源 2",
|
||||
"官方源 3",
|
||||
"生态源 1",
|
||||
"研究源 0"
|
||||
],
|
||||
@@ -5225,7 +5225,7 @@
|
||||
"fields": [
|
||||
{
|
||||
"label": "官方来源",
|
||||
"value": "Magento GitHub Advisories\nNVD Magento"
|
||||
"value": "Magento GitHub Advisories\nOSV Magento Open Source\nNVD Magento"
|
||||
},
|
||||
{
|
||||
"label": "生态来源",
|
||||
|
||||
@@ -87,6 +87,18 @@
|
||||
<h1>Retired Sources & Replacement Map</h1>
|
||||
<div class="meta">工作台内置镜像页:退役源、退役原因和 replacement_sources 真值。</div>
|
||||
<pre>[
|
||||
{
|
||||
"system_id": "adminer",
|
||||
"display_name": "Adminer",
|
||||
"source_name": "NVD Adminer",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.",
|
||||
"replacement_sources": [
|
||||
"OSV Adminer"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
@@ -114,6 +126,18 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
"source_name": "NVD Adobe Commerce",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.",
|
||||
"replacement_sources": [
|
||||
"Adobe Magento Security Index"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "adobe-commerce",
|
||||
"display_name": "Adobe Commerce",
|
||||
@@ -139,6 +163,44 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "apache-httpd",
|
||||
"display_name": "Apache HTTP Server",
|
||||
"source_name": "NVD Apache HTTP Server",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.",
|
||||
"replacement_sources": [
|
||||
"Apache HTTPD Security",
|
||||
"CISA KEV Apache HTTPD"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "apache-tomcat",
|
||||
"display_name": "Apache Tomcat",
|
||||
"source_name": "NVD Tomcat",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.",
|
||||
"replacement_sources": [
|
||||
"Apache Tomcat Security",
|
||||
"CISA KEV Tomcat"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "aspnet-core",
|
||||
"display_name": "ASP.NET Core",
|
||||
"source_name": "NVD ASP.NET Core",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.",
|
||||
"replacement_sources": [
|
||||
"OSV ASP.NET Core"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "astro",
|
||||
"display_name": "Astro",
|
||||
@@ -288,6 +350,19 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "gitlab-ce",
|
||||
"display_name": "GitLab CE",
|
||||
"source_name": "NVD GitLab",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.",
|
||||
"replacement_sources": [
|
||||
"GitLab Security Releases",
|
||||
"GitLab Security Releases Atom"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "hapi",
|
||||
"display_name": "Hapi",
|
||||
@@ -312,6 +387,31 @@
|
||||
],
|
||||
"url": "https://www.haproxy.org/security/"
|
||||
},
|
||||
{
|
||||
"system_id": "haproxy",
|
||||
"display_name": "HAProxy",
|
||||
"source_name": "NVD HAProxy",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.",
|
||||
"replacement_sources": [
|
||||
"HAProxy Blog Feed"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "jenkins",
|
||||
"display_name": "Jenkins",
|
||||
"source_name": "NVD Jenkins",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.",
|
||||
"replacement_sources": [
|
||||
"Jenkins Security Advisories",
|
||||
"Jenkins Security Advisories RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "joomla",
|
||||
"display_name": "Joomla",
|
||||
@@ -325,6 +425,19 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "kibana",
|
||||
"display_name": "Kibana",
|
||||
"source_name": "NVD Kibana",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.",
|
||||
"replacement_sources": [
|
||||
"Elastic Security Announcements",
|
||||
"Elastic Security Announcements RSS"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "koa",
|
||||
"display_name": "Koa",
|
||||
@@ -349,6 +462,19 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "magento-open-source",
|
||||
"display_name": "Magento Open Source",
|
||||
"source_name": "NVD Magento",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.",
|
||||
"replacement_sources": [
|
||||
"Magento GitHub Advisories",
|
||||
"OSV Magento Open Source"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "mattermost",
|
||||
"display_name": "Mattermost",
|
||||
@@ -461,6 +587,19 @@
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nginx",
|
||||
"display_name": "Nginx",
|
||||
"source_name": "NVD NGINX",
|
||||
"bucket": "official_sources",
|
||||
"kind": "nvd-search",
|
||||
"retired_reason": "Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.",
|
||||
"replacement_sources": [
|
||||
"NGINX Security Advisories",
|
||||
"CISA KEV NGINX"
|
||||
],
|
||||
"url": ""
|
||||
},
|
||||
{
|
||||
"system_id": "nuxt",
|
||||
"display_name": "Nuxt",
|
||||
|
||||
@@ -88,20 +88,25 @@
|
||||
<div class="meta">工作台内置镜像页:active/retired source、replacement map 与覆盖摘要。</div>
|
||||
<pre># Source Catalog Audit
|
||||
|
||||
- generated_at: `2026-03-19T02:53:49+00:00`
|
||||
- generated_at: `2026-03-19T03:37:56+00:00`
|
||||
- systems: `62`
|
||||
- sources: `173`
|
||||
- active_sources: `118`
|
||||
- retired_sources: `55`
|
||||
- sources: `179`
|
||||
- active_sources: `113`
|
||||
- retired_sources: `66`
|
||||
- systems_with_active_official: `61/62`
|
||||
- systems_with_machine_readable_source: `62/62`
|
||||
- systems_with_machine_readable_source: `61/62`
|
||||
|
||||
## Retired Sources
|
||||
|
||||
- `adminer` `NVD Adminer` -> replacements: `OSV Adminer` | reason: OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.
|
||||
- `adobe-commerce` `Adobe Security Bulletins` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce, GHSA Adobe Commerce` | reason: Original bulletin index probe was unstable under the old transport path; vendor index replacement uses explicit request policy and parser hints.
|
||||
- `adobe-commerce` `GHSA Adobe Commerce` -> replacements: `Adobe Magento Security Index, NVD Adobe Commerce` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Adobe index and NVD remain active replacements.
|
||||
- `adobe-commerce` `NVD Adobe Commerce` -> replacements: `Adobe Magento Security Index` | reason: Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.
|
||||
- `adobe-commerce` `Sansec Research` -> replacements: `GHSA Adobe Commerce, Adobe Magento Security Index` | reason: Research index is too slow for daily active monitoring; GHSA Adobe Commerce provides a stable machine-readable replacement.
|
||||
- `angular` `GitHub Global Advisories` -> replacements: `OSV Angular` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Angular remains the active replacement source.
|
||||
- `apache-httpd` `NVD Apache HTTP Server` -> replacements: `Apache HTTPD Security, CISA KEV Apache HTTPD` | reason: Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.
|
||||
- `apache-tomcat` `NVD Tomcat` -> replacements: `Apache Tomcat Security, CISA KEV Tomcat` | reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
|
||||
- `aspnet-core` `NVD ASP.NET Core` -> replacements: `OSV ASP.NET Core` | reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
|
||||
- `astro` `GitHub Global Advisories` -> replacements: `OSV Astro` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Astro remains the active replacement source.
|
||||
- `discourse` `Discourse Meta Security` -> replacements: `Discourse Release Notes RSS, GitHub Discourse Advisories` | reason: Meta security category HTML changed and no longer provides stable scrape semantics for health checks.
|
||||
- `discourse` `GitHub Discourse Advisories` -> replacements: `Discourse Release Notes RSS, Discourse Security RSS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Discourse release feed remains the active official source.
|
||||
@@ -114,11 +119,16 @@
|
||||
- `fastify` `GitHub Global Advisories` -> replacements: `OSV Fastify` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Fastify remains the active replacement source.
|
||||
- `flask` `GitHub Global Advisories` -> replacements: `OSV Flask` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Flask remains the active machine-readable source.
|
||||
- `ghost` `NVD Ghost` -> replacements: `Ghost GitHub Advisories, OSV Ghost` | reason: OSV Ghost replaces NVD for machine-readable collection and keeps npm package alignment.
|
||||
- `gitlab-ce` `NVD GitLab` -> replacements: `GitLab Security Releases, GitLab Security Releases Atom` | reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
|
||||
- `hapi` `GitHub Global Advisories` -> replacements: `OSV Hapi` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Hapi remains the active replacement source.
|
||||
- `haproxy` `HAProxy Security Advisories` -> replacements: `HAProxy Blog Feed` | reason: Legacy haproxy.org security page no longer yields stable scrape results for monitoring.
|
||||
- `haproxy` `NVD HAProxy` -> replacements: `HAProxy Blog Feed` | reason: HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.
|
||||
- `jenkins` `NVD Jenkins` -> replacements: `Jenkins Security Advisories, Jenkins Security Advisories RSS` | reason: Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.
|
||||
- `joomla` `NVD Joomla` -> replacements: `Joomla Security Centre, OSV Joomla` | reason: OSV Joomla CMS replaces NVD for machine-readable collection without public NVD throttling.
|
||||
- `kibana` `NVD Kibana` -> replacements: `Elastic Security Announcements, Elastic Security Announcements RSS` | reason: Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.
|
||||
- `koa` `GitHub Global Advisories` -> replacements: `OSV Koa` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV Koa remains the active replacement source.
|
||||
- `laravel` `GitHub Global Advisories` -> replacements: `OSV Laravel` | reason: Unauthenticated GitHub advisory API is quota-limited; OSV Laravel remains the active machine-readable source.
|
||||
- `magento-open-source` `NVD Magento` -> replacements: `Magento GitHub Advisories, OSV Magento Open Source` | reason: OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.
|
||||
- `mattermost` `Mattermost Security Updates` -> replacements: `NVD Mattermost` | reason: Mattermost security updates page returned repeated 403 responses from the collector path; NVD replacement remains active.
|
||||
- `mattermost` `NVD Mattermost` -> replacements: `Mattermost Security Updates JSON, OSV Mattermost` | reason: Mattermost official JSON feed plus OSV Mattermost replace NVD for lower-latency machine-readable collection.
|
||||
- `mediawiki` `MediaWiki Security Releases` -> replacements: `MediaWiki Announce RSS, NVD MediaWiki` | reason: MediaWiki security page is no longer reachable reliably from the collector path; NVD replacement remains active.
|
||||
@@ -128,6 +138,7 @@
|
||||
- `nestjs` `GitHub Global Advisories` -> replacements: `OSV NestJS` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; OSV NestJS remains the active replacement source.
|
||||
- `nestjs` `NVD NestJS` -> replacements: `OSV NestJS` | reason: OSV NestJS replaces NVD public search for lower-latency machine-readable collection.
|
||||
- `nextjs` `GitHub Global Advisories` -> replacements: `GitHub Next.js Advisories, OSV Next.js` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; GitHub Next.js Advisories and OSV Next.js remain active replacements.
|
||||
- `nginx` `NVD NGINX` -> replacements: `NGINX Security Advisories, CISA KEV NGINX` | reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
|
||||
- `nuxt` `GitHub Global Advisories` -> replacements: `Nuxt Security, OSV Nuxt` | reason: Unauthenticated GHSA API requests are rate-limited in daily monitoring; Nuxt Security and OSV Nuxt remain active replacements.
|
||||
- `opencart` `NVD OpenCart` -> replacements: `OpenCart Releases, OSV OpenCart` | reason: OSV OpenCart replaces NVD for machine-readable collection while official release source remains active.
|
||||
- `openmage` `NVD OpenMage` -> replacements: `OpenMage GitHub Advisories, OSV OpenMage` | reason: OSV OpenMage replaces NVD for machine-readable composer-aligned collection.
|
||||
|
||||
@@ -544,6 +544,9 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 50
|
||||
status: retired
|
||||
retired_reason: Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.
|
||||
replacement_sources: [Adobe Magento Security Index]
|
||||
ecosystem_sources:
|
||||
- name: GHSA Adobe Commerce
|
||||
kind: ghsa-global
|
||||
@@ -591,12 +594,19 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [magento]
|
||||
max_items: 50
|
||||
- name: OSV Magento Open Source
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
- name: NVD Magento
|
||||
kind: nvd-search
|
||||
keyword: Magento
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 50
|
||||
status: retired
|
||||
retired_reason: OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.
|
||||
replacement_sources: [Magento GitHub Advisories, OSV Magento Open Source]
|
||||
ecosystem_sources:
|
||||
- name: Sansec Research
|
||||
kind: html-links
|
||||
@@ -607,9 +617,9 @@ systems:
|
||||
max_items: 50
|
||||
research_sources: []
|
||||
package_names:
|
||||
- ecosystem: composer
|
||||
- ecosystem: Packagist
|
||||
name: magento/product-community-edition
|
||||
- ecosystem: composer
|
||||
- ecosystem: Packagist
|
||||
name: magento/framework
|
||||
cpe_keys: ["magento:magento"]
|
||||
ghsa_keywords: [magento]
|
||||
@@ -1900,15 +1910,24 @@ systems:
|
||||
tier: rolling-24m
|
||||
advisory_modes: [core]
|
||||
official_sources:
|
||||
- name: OSV ASP.NET Core
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
- name: NVD ASP.NET Core
|
||||
kind: nvd-search
|
||||
keyword: ASP.NET Core
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
|
||||
replacement_sources: [OSV ASP.NET Core]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
package_names:
|
||||
- ecosystem: NuGet
|
||||
name: Microsoft.AspNetCore.App
|
||||
cpe_keys: ["microsoft:asp.net_core"]
|
||||
ghsa_keywords: [asp.net core]
|
||||
kev_keywords: [asp.net core]
|
||||
@@ -1982,6 +2001,9 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
results_per_page: 50
|
||||
status: retired
|
||||
retired_reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
|
||||
replacement_sources: [NGINX Security Advisories, CISA KEV NGINX]
|
||||
- name: CISA KEV NGINX
|
||||
kind: kev-json
|
||||
url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
|
||||
@@ -2024,6 +2046,9 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
results_per_page: 50
|
||||
status: retired
|
||||
retired_reason: Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.
|
||||
replacement_sources: [Apache HTTPD Security, CISA KEV Apache HTTPD]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
@@ -2060,6 +2085,9 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
results_per_page: 50
|
||||
status: retired
|
||||
retired_reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
|
||||
replacement_sources: [Apache Tomcat Security, CISA KEV Tomcat]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
@@ -2160,6 +2188,9 @@ systems:
|
||||
confidence: official
|
||||
advisory_mode: server
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.
|
||||
replacement_sources: [HAProxy Blog Feed]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
@@ -2216,15 +2247,24 @@ systems:
|
||||
tier: rolling-24m
|
||||
advisory_modes: [core]
|
||||
official_sources:
|
||||
- name: OSV Adminer
|
||||
kind: osv-batch
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
- name: NVD Adminer
|
||||
kind: nvd-search
|
||||
keyword: Adminer
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.
|
||||
replacement_sources: [OSV Adminer]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
package_names:
|
||||
- ecosystem: Packagist
|
||||
name: vrana/adminer
|
||||
cpe_keys: ["adminer:adminer"]
|
||||
ghsa_keywords: [adminer]
|
||||
kev_keywords: [adminer]
|
||||
@@ -2276,12 +2316,22 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [security release, gitlab]
|
||||
max_items: 50
|
||||
- name: GitLab Security Releases Atom
|
||||
kind: atom-feed
|
||||
url: https://about.gitlab.com/security-releases.xml
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [security release, gitlab]
|
||||
max_items: 50
|
||||
- name: NVD GitLab
|
||||
kind: nvd-search
|
||||
keyword: GitLab CE
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
|
||||
replacement_sources: [GitLab Security Releases, GitLab Security Releases Atom]
|
||||
ecosystem_sources:
|
||||
- name: GitLab Advisory Database
|
||||
kind: html-links
|
||||
@@ -2313,12 +2363,22 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [jenkins]
|
||||
max_items: 60
|
||||
- name: Jenkins Security Advisories RSS
|
||||
kind: rss-feed
|
||||
url: https://www.jenkins.io/security/advisories/rss.xml
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [jenkins]
|
||||
max_items: 60
|
||||
- name: NVD Jenkins
|
||||
kind: nvd-search
|
||||
keyword: Jenkins
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.
|
||||
replacement_sources: [Jenkins Security Advisories, Jenkins Security Advisories RSS]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
@@ -2374,12 +2434,22 @@ systems:
|
||||
advisory_mode: core
|
||||
keywords: [kibana, elastic, security]
|
||||
max_items: 60
|
||||
- name: Elastic Security Announcements RSS
|
||||
kind: rss-feed
|
||||
url: https://discuss.elastic.co/c/announcements/security-announcements/31.rss
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
keywords: [kibana, elastic, security]
|
||||
max_items: 60
|
||||
- name: NVD Kibana
|
||||
kind: nvd-search
|
||||
keyword: Kibana
|
||||
confidence: official
|
||||
advisory_mode: core
|
||||
results_per_page: 40
|
||||
status: retired
|
||||
retired_reason: Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.
|
||||
replacement_sources: [Elastic Security Announcements, Elastic Security Announcements RSS]
|
||||
ecosystem_sources: []
|
||||
research_sources: []
|
||||
package_names: []
|
||||
|
||||
@@ -88,15 +88,15 @@
|
||||
<div class="meta">工作台内置镜像页:89 条 advisory 最新完整度、family 矩阵与 ingest 健康度。</div>
|
||||
<pre># 全库 Advisory 完整度报告
|
||||
|
||||
- 生成时间: `2026-03-19T02:54:09+00:00`
|
||||
- 生成时间: `2026-03-19T03:38:08+00:00`
|
||||
- 最新 advisory 完整度: `89/89` `verified-real`
|
||||
- 合成验证数量: `0`
|
||||
- 阻塞数量: `0`
|
||||
- 人工/待补证据数量: `0`
|
||||
- 完整度百分比: `100.0%`
|
||||
- active source 全绿: `118/118`
|
||||
- active source 全绿: `113/113`
|
||||
- source open alerts: `0`
|
||||
- 最近一次 source 全绿: `2026-03-19T02:53:57+00:00`
|
||||
- 最近一次 source 全绿: `2026-03-19T03:38:01+00:00`
|
||||
|
||||
## 系统覆盖矩阵
|
||||
|
||||
@@ -118,8 +118,8 @@
|
||||
## Ingest / Source 健康度
|
||||
|
||||
- source failures: `0`
|
||||
- active sources: `118`
|
||||
- green sources: `118`
|
||||
- active sources: `113`
|
||||
- green sources: `113`
|
||||
- open alerts: `0`
|
||||
|
||||
## 剩余风险说明
|
||||
|
||||
在新工单中引用
屏蔽一个用户