A small web tool to compare the CVE descriptions in CSAF documents with the descriptions in CVE databases.
- Upload a CSAF document
- The tool extracts the referenced CDE IDs and descriptions
- For each vulnerability, it loads the CVE descriptions from a CVE API
- The tools highlights the differences
- Press a button to overwrite the CVE description in the CSAF document with the description from the CVE database
- Download the updated CSAF document
It uses docker compose and port 48050.
SPDX-License-Identifier: Apache-2.0
SPDX-FileCopyrightText: 2024 German Federal Office for Information Security (BSI) <https://www.bsi.bund.de>
Software-Engineering: 2024 Intevation GmbH <https://intevation.de>