On 9 December 2016 at 08:13, Guillaume Berche <bercheg(a)gmail.com> wrote:

thanks for pushing these security notifications to the cloudfoundry

site and this mailing list!
+1

Also, is there an RSS feed that enables programmatic access to newly
disclosed vulnerabilities on the security page ?

+1

We're currently doing this by running an app [1] in our CF that scrapes the
Pivotal security page once an hour & creates events in Datadog
corresponding to new CVEs. Datadog then raises a ticket in our support
system. It's perhaps a bit over-engineered, but we wanted to have the
events in Datadog so we could put the alerts in a dashboard etc. if we
wanted.

We only used the Pivotal security page because the Cloud Foundry one didn't
exist then. Ideally there would be a stable machine-readable list of all
CVEs relevant to the open source product. If it is RSS/atom we might be
able to do what we want without writing code, using something like
https://ifttt.com/

Cheers,
Graham

[1] https://github.com/alphagov/paas-cve-notifier