Vulnerability data about open-source software should be open too!
When running Eclipse Steady internally at SAP, serving thousands of distinct teams and conducting 250k+ scans per month, we spent a substantial amount of time mining source code repositories and curating a knowledge base of so-called fix-commits (the commits that fix known vulnerabilities). Such information is the fuel of Eclipse Steady, and it needs to be continuously harvested.
Experience level:
Beginner