Hello Red Hat Team, We are working on surfacing CVEs from customer machines to our admin portal and wanted to clarify the correct approach for CentOS Stream. Since CentOS Stream 8, 9, and 10 do not have separate CVE advisories published, is there any official or recommended way to programmatically extract security advisories or CVE data applicable to CentOS Stream - 8, 9, 10? If not, is mapping advisories from the corresponding RHEL versions the only supported method for identifying applicable CVEs?
Any guidance or documentation reference would be greatly appreciated.
Thank you!