On Mon, Aug 4, 2025 at 7:40 AM Florian Weimer via devel < devel@lists.centos.org> wrote:
- lura:
Thanks for reaching out! For CentOS Stream 8, 9, and 10, the best approach is indeed to reference the corresponding RHEL advisories, as CentOS Stream follows RHEL closely. You can programmatically track RHEL CVEs to stay updated. Let me know if you need help with specific tools or APIs!
And don't forget to review that your use of Red Hat CVE data meets with the licensing terms that Red Hat publishes here:
Yep, and the data itself is licensed CC-BY-4.0. There's also some examples of the data api: https://docs.redhat.com/en/documentation/red_hat_security_data_api/1.0/html-...
There's some implementations from others to reference, too: https://github.com/resf/distro-tools/tree/main/apollo and I think AlmaLinux has one in their build system.
--Neil
Thanks, Florian
devel mailing list -- devel@lists.centos.org To unsubscribe send an email to devel-leave@lists.centos.org