Retire remaining active NVD sources

2026-03-18 20:38:36 -07:00
--- a/08-threat-intel/generated/dashboard/docs/source-map.html
+++ b/08-threat-intel/generated/dashboard/docs/source-map.html
@@ -544,6 +544,9 @@ systems:
        confidence: official
        advisory_mode: core
        results_per_page: 50
+        status: retired
+        retired_reason: Adobe Magento Security Index is now the active official machine-readable source, so NVD public search is no longer needed for daily collection.
+        replacement_sources: [Adobe Magento Security Index]
    ecosystem_sources:
      - name: GHSA Adobe Commerce
        kind: ghsa-global
@@ -591,12 +594,19 @@ systems:
        advisory_mode: core
        keywords: [magento]
        max_items: 50
+      - name: OSV Magento Open Source
+        kind: osv-batch
+        confidence: official
+        advisory_mode: core
      - name: NVD Magento
        kind: nvd-search
        keyword: Magento
        confidence: official
        advisory_mode: core
        results_per_page: 50
+        status: retired
+        retired_reason: OSV Magento Open Source plus Magento GitHub advisories replace NVD public search for machine-readable collection.
+        replacement_sources: [Magento GitHub Advisories, OSV Magento Open Source]
    ecosystem_sources:
      - name: Sansec Research
        kind: html-links
@@ -607,9 +617,9 @@ systems:
        max_items: 50
    research_sources: []
    package_names:
-      - ecosystem: composer
+      - ecosystem: Packagist
        name: magento/product-community-edition
-      - ecosystem: composer
+      - ecosystem: Packagist
        name: magento/framework
    cpe_keys: [&quot;magento:magento&quot;]
    ghsa_keywords: [magento]
@@ -1900,15 +1910,24 @@ systems:
    tier: rolling-24m
    advisory_modes: [core]
    official_sources:
+      - name: OSV ASP.NET Core
+        kind: osv-batch
+        confidence: official
+        advisory_mode: core
      - name: NVD ASP.NET Core
        kind: nvd-search
        keyword: ASP.NET Core
        confidence: official
        advisory_mode: core
        results_per_page: 40
+        status: retired
+        retired_reason: OSV ASP.NET Core provides machine-readable NuGet-aligned coverage with lower latency than NVD public search.
+        replacement_sources: [OSV ASP.NET Core]
    ecosystem_sources: []
    research_sources: []
-    package_names: []
+    package_names:
+      - ecosystem: NuGet
+        name: Microsoft.AspNetCore.App
    cpe_keys: [&quot;microsoft:asp.net_core&quot;]
    ghsa_keywords: [asp.net core]
    kev_keywords: [asp.net core]
@@ -1982,6 +2001,9 @@ systems:
        confidence: official
        advisory_mode: server
        results_per_page: 50
+        status: retired
+        retired_reason: Official NGINX advisories page and CISA KEV together provide the needed daily signal without NVD public-search latency.
+        replacement_sources: [NGINX Security Advisories, CISA KEV NGINX]
      - name: CISA KEV NGINX
        kind: kev-json
        url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
@@ -2024,6 +2046,9 @@ systems:
        confidence: official
        advisory_mode: server
        results_per_page: 50
+        status: retired
+        retired_reason: Official Apache HTTPD advisories page plus CISA KEV are sufficient active sources for daily monitoring.
+        replacement_sources: [Apache HTTPD Security, CISA KEV Apache HTTPD]
    ecosystem_sources: []
    research_sources: []
    package_names: []
@@ -2060,6 +2085,9 @@ systems:
        confidence: official
        advisory_mode: server
        results_per_page: 50
+        status: retired
+        retired_reason: Official Tomcat advisories page plus CISA KEV are sufficient active sources for daily monitoring.
+        replacement_sources: [Apache Tomcat Security, CISA KEV Tomcat]
    ecosystem_sources: []
    research_sources: []
    package_names: []
@@ -2160,6 +2188,9 @@ systems:
        confidence: official
        advisory_mode: server
        results_per_page: 40
+        status: retired
+        retired_reason: HAProxy Blog Feed is an active official RSS source, so NVD public search is no longer required.
+        replacement_sources: [HAProxy Blog Feed]
    ecosystem_sources: []
    research_sources: []
    package_names: []
@@ -2216,15 +2247,24 @@ systems:
    tier: rolling-24m
    advisory_modes: [core]
    official_sources:
+      - name: OSV Adminer
+        kind: osv-batch
+        confidence: official
+        advisory_mode: core
      - name: NVD Adminer
        kind: nvd-search
        keyword: Adminer
        confidence: official
        advisory_mode: core
        results_per_page: 40
+        status: retired
+        retired_reason: OSV Adminer provides a machine-readable Packagist-aligned source, removing the need for NVD public search.
+        replacement_sources: [OSV Adminer]
    ecosystem_sources: []
    research_sources: []
-    package_names: []
+    package_names:
+      - ecosystem: Packagist
+        name: vrana/adminer
    cpe_keys: [&quot;adminer:adminer&quot;]
    ghsa_keywords: [adminer]
    kev_keywords: [adminer]
@@ -2276,12 +2316,22 @@ systems:
        advisory_mode: core
        keywords: [security release, gitlab]
        max_items: 50
+      - name: GitLab Security Releases Atom
+        kind: atom-feed
+        url: https://about.gitlab.com/security-releases.xml
+        confidence: official
+        advisory_mode: core
+        keywords: [security release, gitlab]
+        max_items: 50
      - name: NVD GitLab
        kind: nvd-search
        keyword: GitLab CE
        confidence: official
        advisory_mode: core
        results_per_page: 40
+        status: retired
+        retired_reason: GitLab Security Releases Atom provides an official machine-readable feed, so NVD public search is no longer required.
+        replacement_sources: [GitLab Security Releases, GitLab Security Releases Atom]
    ecosystem_sources:
      - name: GitLab Advisory Database
        kind: html-links
@@ -2313,12 +2363,22 @@ systems:
        advisory_mode: core
        keywords: [jenkins]
        max_items: 60
+      - name: Jenkins Security Advisories RSS
+        kind: rss-feed
+        url: https://www.jenkins.io/security/advisories/rss.xml
+        confidence: official
+        advisory_mode: core
+        keywords: [jenkins]
+        max_items: 60
      - name: NVD Jenkins
        kind: nvd-search
        keyword: Jenkins
        confidence: official
        advisory_mode: core
        results_per_page: 40
+        status: retired
+        retired_reason: Jenkins Security Advisories RSS provides an official machine-readable feed, replacing NVD public search.
+        replacement_sources: [Jenkins Security Advisories, Jenkins Security Advisories RSS]
    ecosystem_sources: []
    research_sources: []
    package_names: []
@@ -2374,12 +2434,22 @@ systems:
        advisory_mode: core
        keywords: [kibana, elastic, security]
        max_items: 60
+      - name: Elastic Security Announcements RSS
+        kind: rss-feed
+        url: https://discuss.elastic.co/c/announcements/security-announcements/31.rss
+        confidence: official
+        advisory_mode: core
+        keywords: [kibana, elastic, security]
+        max_items: 60
      - name: NVD Kibana
        kind: nvd-search
        keyword: Kibana
        confidence: official
        advisory_mode: core
        results_per_page: 40
+        status: retired
+        retired_reason: Elastic Security Announcements RSS provides an official machine-readable feed, replacing NVD public search.
+        replacement_sources: [Elastic Security Announcements, Elastic Security Announcements RSS]
    ecosystem_sources: []
    research_sources: []
    package_names: []