Cybersecurity-Projects/PROJECTS/intermediate/security-news-scraper/testdata
CarterPerez-dev 41ffd49699 feat(nadezhda): keyless CVE enrichment, folded into scrape, news-first ranking
This is a security-news tool; CVE enrichment is optional garnish, never a
setup tax. Drop the NVD API key from the default path entirely.

- internal/cve/cvelist: keyless CVE Program cvelistV5 client (raw GitHub,
  carries CISA-ADP / vulnrichment CVSS). Parses cna and adp metrics with
  version precedence v4.0 > v3.1 > v3.0 > v2.0, plus CWE and description;
  404 maps to not-found; v2 severity is capped at HIGH. Introduces a
  neutral CoreResult and a CVESource interface (NVDResult renamed to
  CoreResult; NVDClient still satisfies it).
- enrich: Clients.Core is the CVESource. buildCoreSource picks the keyless
  cvelist client by default and NVD only when NVD_API_KEY is set (booster).
- scrape auto-enriches referenced CVEs best-effort after clustering
  (time-bounded, non-fatal, --no-enrich to skip); enrich kept as an
  optional manual refresh. Default flow is scrape -> tui.
- ranking default weights rebalanced news-first (recency / velocity /
  source / keyword 70 percent, cvss / kev / epss 30 percent; was 55 percent CVE).
- KAT fixture testdata/cvelist/CVE-2021-44228.json.
2026-07-06 01:44:53 -04:00
..
cvelist feat(nadezhda): keyless CVE enrichment, folded into scrape, news-first ranking 2026-07-06 01:44:53 -04:00
epss feat(nadezhda): M3 CVE extraction + NVD/KEV/EPSS enrichment 2026-07-05 15:54:49 -04:00
feeds feat(nadezhda): M1 ingestion core (fetch, parse, normalize, dedup) 2026-07-05 14:51:57 -04:00
kev feat(nadezhda): M3 CVE extraction + NVD/KEV/EPSS enrichment 2026-07-05 15:54:49 -04:00
nvd feat(nadezhda): M3 CVE extraction + NVD/KEV/EPSS enrichment 2026-07-05 15:54:49 -04:00