A few days ago we released v2 of the API for VulnDB HQ, our platform to manage vulnerability databases.
A lot of work has happened in the background to pave the way to a more stable and comprehensive API. From the consumer perspective we now have a dedicated endpoint for API access (i.e. /api/) and can specify API versions via the Accept HTTP header. You can read all about it in the VulnDB HQ API v2 guide in our support site.
To make everyone’s life easier we’ve also open sourced a Ruby client-side library to make it easy for you to integrate VulnDB HQ with your own tools and systems. You can find it in our GitHub page:
https://github.com/securityroots/vulndbhq
We hope you find this useful!
That API is woefully inadequate. There is no information regarding how to pull information from the public pages (which is simply to replace private_pages with public_pages), there is NO information on the format of PUT or POST requests to update or create entries. And furthermore, SSL is not even required for access, even though the little bit of information on that API page indicates it should be. All that is required is simple in-the-clear authentication over http.
Hi Charles,
I think you’re 100% right. We are in the process of moving the support information to a new /support section in VulnDB’s site. Hopefully we will complete the API docs that are missing.
Will look into the SSL issue asap (we’re also in the process of implementing a new token-based authentication).
Thanks for the wake-up call.
update (2013-05-08): the new VulnDB Help site addresses most of Charles original concerns. We’ve implemented token-based authentication, made the SSL requirements more strict and document access to the Public library using the API. We will continue to update and improve it in the coming weeks, watch that space!
-Daniel