Support for CPE v2.3
CPE stands for Common Platform Enumeration. CPE naming specifications define standardized methods for assigning names to IT product classes. With this update, SVR will now support CPE v2.3 for naming the software products. To view the CPE v2.3 product naming, click on any SAID > CPE Exists, Click for Details link a popup appears with the CPE 2.3 details.
Effective December 15, 2023, NVD will retire the CPE v2.2 legacy feed. Consequently, current products in SVR will be visible in both CPE v2.2 and CPE v2.3 naming formats during this transitional period. However, it's important to note that any new products added to SVR in the future will be displayed in the CPE v2.3 naming format, and the CPE v2.2 format only if available.
REST API Enhancement
The following new REST API has been added for the Products:
|
REST API |
Description |
|
/api/cpe23-products/ |
This new API is introduced in this update. This API will return the entire list of CPEs v2.3 and when available, its associated product in SVR. |
The following existing REST API have extended support:
|
REST API |
Description |
|
/api/advisories/ |
This API now returns a new property named cpes23. This new property contains the products in the CPE v2.3 naming format that are affected by the selected advisory. |
|
/api/product-releases/ |
This API now returns a new property named cpes23. For the selected product, when available, the cpes23 property contains the CPE v2.3 naming format of the product. |