diff --git a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle
index bd38157..5dbcd03 100644
--- a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle
+++ b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle
@@ -12,7 +12,7 @@ plugins {
}
group 'io.github.jeremylong'
-version = '4.1.3'
+version = '5.0.0'
repositories {
mavenCentral()
diff --git a/open-vulnerability-clients/README.md b/open-vulnerability-clients/README.md
index 13c8ecd..868c38b 100644
--- a/open-vulnerability-clients/README.md
+++ b/open-vulnerability-clients/README.md
@@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere
io.github.jeremylong
open-vulnerability-clients
- 4.1.2
+ 5.0.0
```
### gradle
```groovy
-implementation 'io.github.jeremylong:open-vulnerability-clients:4.1.2'
+implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.0'
```
### api usage
diff --git a/open-vulnerability-store/README.md b/open-vulnerability-store/README.md
index 5541014..cce830d 100644
--- a/open-vulnerability-store/README.md
+++ b/open-vulnerability-store/README.md
@@ -1,164 +1,5 @@
-# data-source
+# open-vulnerability-store
-
-
-
-# gh-advisory-lib
-
-A client for the GitHub GraphQL API to retrieve the GitHub Security Advisories.
-
-The client requires a GitHub Personal Access Token to access the API.
-
-## usage
-
-### maven
-
-```xml
-
- io.github.jeremylong
- gh-advisory-lib
- 2.0.2
-
-```
-
-### gradle
-
-```groovy
-implementation 'io.github.jeremylong:gh-advisory-lib:2.0.2'
-```
-
-### building from source
-
-```shell
-./gradlew build
-```
-
-### api usage
-
-The API is intended to be fairly simple; an example implementation is given below to retrieve the entire GitHub Security Advisory data
-set - including a mechanism to keep the data up to date.
-
-```java
-
-import GitHubSecurityAdvisoryClient;
-import GitHubSecurityAdvisoryClientBuilder;
-import SecurityAdvisory;
-
-import java.time.ZoneOffset;
-import java.time.ZonedDateTime;
-import java.util.List;
-
-public class Example {
- ZonedDateTime retrieveLastUpdated() {
- // TODO implement a storage/retrieval mechanism for the last updated date.
-
- return ZonedDateTime.now(ZoneOffset.UTC).minusDays(1);
- }
-
- void storeLastUpdated(ZonedDateTime lastUpdated) {
- // TODO implement a storage/retrieval mechanism for the last update time.
- }
-
- @Test
- void testNext() throws Exception {
- String apiKey = System.getenv("GITHUB_TOKEN");
-
- GitHubSecurityAdvisoryClientBuilder builder = GitHubSecurityAdvisoryClientBuilder
- .aGitHubSecurityAdvisoryClient()
- .withApiKey(apiKey);
-
- ZonedDateTime lastUpdated = retrieveLastUpdated();
- if (lastUpdated != null) {
- builder.withUpdatedSinceFilter(lastUpdated);
- }
- try (GitHubSecurityAdvisoryClient client = builder.build()) {
- if (client.hasNext()) {
- List result = client.next();
- //TODO do something useful with the SecurityAdvisories
- }
- storeLastUpdated(client.getLastUpdated());
- }
- }
-}
-```
-
-
-# nvd-lib
-
-A client for the NVD API to retrieve vulnerability data.
-
-An API Key for the NVD API is highly recommended - especially when downloading the full Vulnerability Catalog from the
-NVD. Without an API key downloading takes 10+ minutes; whereas with an API key (and using 4 threads) the entire NVD
-Vulnerability Catalog can be downloaded in ~90 seconds.
-
-## usage
-
-### maven
-
-```xml
-
- io.github.jeremylong
- nvd-lib
- 2.0.2
-
-```
-
-### gradle
-
-```groovy
-implementation 'io.github.jeremylong:nvd-lib:2.0.2'
-```
-
-### building from source
-
-```shell
-./gradlew build
-```
-
-### api usage
-
-The API is intended to be fairly simple; an example implementation is given below to retrieve the entire NVD CVE data
-set - including a mechanism to keep the data up to date.
-
-```java
-import NvdCveApi;
-import NvdCveApiBuilder;
-import DefCveItem;
-
-import java.time.ZonedDateTime;
-import java.util.Collection;
-
-public class Example {
-
- ZonedDateTime retrieveLastUpdated() {
- // TODO implement a storage/retrieval mechanism.
- return null;
- }
-
- void storeLasUpdated(ZonedDateTime lastUpdated) {
- // TODO implement a storage/retrieval mechanism.
- }
-
- public void update() {
- ZonedDateTime lastModifiedRequest = retrieveLastUpdated();
- NvdCveApiBuilder builder = NvdCveApiBuilder.aNvdCveApi();
- if (lastModifiedRequest != null) {
- ZonedDateTime end = lastModifiedRequest.minusDays(-120);
- builder.withLastModifiedFilter(lastModifiedRequest, end);
- }
- //TODO add API key with builder's `withApiKey()`
- //TODO if an API Key is used consider adding `withThreadCount(4)`
- //TODO add any additional filters via the builder's `withFilter()`
- try (NvdCveApi api = builder.build()) {
- while (api.hasNext()) {
- Collection items = api.next();
- //TODO do something with the items
- }
- lastModifiedRequest = api.getLastModifiedRequest();
- } catch (Exception e) {
- e.printStackTrace();
- }
- storeLasUpdated(lastModifiedRequest);
- }
-}
-```
\ No newline at end of file
+The open-vulnerability-store is an experimental project to build a database containing a normalized
+set of vulnerability information. Currently, the library can be used to create a database of the
+GitHub Security Advisories, NVD CVE data, the CISA Known Expoited Vulnerabilities Catalog, and EPSS.
diff --git a/vulnz/README.md b/vulnz/README.md
index 9827798..5d33d61 100644
--- a/vulnz/README.md
+++ b/vulnz/README.md
@@ -54,7 +54,7 @@ export JAVA_OPTS="-Xmx2g"
Alternatively, run the CLI using the `-Xmx2g` argument:
```bash
-java -Xmx2g -jar ./vulnz-4.1.2.jar
+java -Xmx2g -jar ./vulnz-5.0.0.jar
```
### Creating the Cache
@@ -71,7 +71,7 @@ for file in *.json; do gzip -k "${file}"; done
Alternatively, without using the above install command:
```bash
-./vulnz-4.1.2.jar cve --cache --directory ./cache
+./vulnz-5.0.0.jar cve --cache --directory ./cache
cd cache
for file in *.json; do gzip -k "${file}"; done
```