NVD importer migration followups

@pombredanne I am starting this issue to track your comments in #664 

- [ ] _Originally posted by @pombredanne in https://github.com/nexB/vulnerablecode/pull/664#discussion_r845768104_

> Why do you remove the CVEs from references?
> We still want them there IMHO ... in particular that's where we would get the severity score from the NVD?
> 

- [ ] _Originally posted by @pombredanne in https://github.com/nexB/vulnerablecode/pull/664#discussion_r845771397_

> You are returning a set not a list. Should your return a sorted list then? Why using a set?

- [ ] _Originally posted by @pombredanne in https://github.com/nexB/vulnerablecode/pull/664#discussion_r845772878_

> It could make sense to:
> 1. extract the function to check if a single CVE is related to hardware
> 2. have a set of tests for this that would be easier to read including explicit tests with CPE 2.2 and 2.3 that are hardware or not.
>
> How many types of CPEs is there beyond hardware?



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

NVD importer migration followups #679

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

NVD importer migration followups #679

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions