On Mon, Aug 4, 2025 at 7:40 AM Florian Weimer via devel <devel@lists.centos.org> wrote:
* lura:

> Thanks for reaching out! For CentOS Stream 8, 9, and 10, the best
> approach is indeed to reference the corresponding RHEL advisories, as
> CentOS Stream follows RHEL closely. You can programmatically track
> RHEL CVEs to stay updated. Let me know if you need help with specific
> tools or APIs!

And don't forget to review that your use of Red Hat CVE data meets with
the licensing terms that Red Hat publishes here:

  <https://www.redhat.com/en/about/terms-use>

Yep, and the data itself is licensed CC-BY-4.0. There are also some examples of the data API: https://docs.redhat.com/en/documentation/red_hat_security_data_api/1.0/html-single/red_hat_security_data_api/index

There are some implementations from others to reference, too: https://github.com/resf/distro-tools/tree/main/apollo and I think AlmaLinux has one in their build system.

--Neil
 

Thanks,
Florian
