Problem
Currently to Corporate SSL proxy blocks the download of Advisory DB, although there is way to resolve it, but in some cases it's directly blocked to connect outside of our air-gap environment. Can we have a provision to pass down the our own custom Advisory json file? Instead of cli pulling it.
Proposed idea
User can provide their own Advisory JSON file.
CLI Exposing schema json file to make sure provided json is as per the standard CLI tool need.
User can provide file path for the advisory JSON file. It's user responsibility to keep this file updated.
Describe the feature or improvement.
Why it fits this project
Explain why this aligns with CVE Lite CLI's goals:
- practical developer usability
- Running scan of your app against older CVEs, Older versions of application shouldn't be flagged for the new CVE.
CLI:
cve-lite --advisory-json /path/to/advisory.json
Problem
Currently to Corporate SSL proxy blocks the download of Advisory DB, although there is way to resolve it, but in some cases it's directly blocked to connect outside of our air-gap environment. Can we have a provision to pass down the our own custom Advisory json file? Instead of cli pulling it.
Proposed idea
User can provide their own Advisory JSON file.
CLI Exposing schema json file to make sure provided json is as per the standard CLI tool need.
User can provide file path for the advisory JSON file. It's user responsibility to keep this file updated.
Describe the feature or improvement.
Why it fits this project
Explain why this aligns with CVE Lite CLI's goals:
CLI:
cve-lite --advisory-json /path/to/advisory.json