from cm0002@toast.ooo to cybersecurity@infosec.pub on 16 Feb 18:01
https://toast.ooo/post/12299938
Today weβre releasing Vulnerability-Lookup 4.0.0, and this is a big one.
π Remote Instance Synchronization
This version is paving the way for federated deployments of Vulnerability-Lookup instances. You can now synchronize multiple Vulnerability-Lookup instances and share:
- π¬ Comments
- π¦ Bundles
- ποΈ Sightings
- π¨ KEV entries (GCVE BCP-07)
This introduces a true federated model for vulnerability intelligence sharing.
Full breakdown available here:
π vulnerability-lookup.org/β¦/vulnerability-lookup-4β¦
Letβs take a look at all the notable changes.
π Remote Instance Synchronization β Whatβs Inside
This release introduces a complete sync engine designed for reliability, transparency, and operational control.
A local instance can now pull objects β including bundles, comments, sightings, and KEV entries β from configured remote Vulnerability-Lookup instances via their public APIs.
The synchronization engine includes:
- Remote instance management with per-object-type synchronization controls
- Timestamp-based update detection to keep data consistent
- Asynchronous scheduler with graceful shutdown support
- CLI command and systemd service template for automation
- Administrative controls to trigger synchronization manually
- Visual indicators in the interface to clearly identify synchronized objects
π Feeder Improvements
Expanded data ingestion:
- New RustSec OSV feeder
- New OSS-Fuzz feeder (with YAML support in OSV)
- More generic CSAF and OSV templates
This strengthens Vulnerability-Lookupβs position as a correlation hub across heterogeneous vulnerability sources.
π¨ UI Improvements
- Redesigned global dashboard layout for better visibility and structure.
More details:
π vulnerability-lookup.org/β¦/vulnerability-lookup-4β¦
If youβre running Vulnerability-Lookup and interested in interconnecting instances across organizations or teams β this release is for you.
π Project: https://www.vulnerability-lookup.org/ π¦ Code: https://github.com/vulnerability-lookup/vulnerability-lookup
Feedback, experiments, and federated setups welcome.
Feel free to create an account on the instance operated by CIRCL (Computer Incident Response Center Luxembourg):
πΆπͺπΊ Funding
Vulnerability-Lookup is co-funded by CIRCL (Computer Incident Response Center Luxembourg) and by the European Union via the hashtag hashtag#NGSOTI project. More information on the page from Restena Foundation: www.restena.lu/en/project/ngsoti
#VulnerabilityManagement #CVE #KEV #GCVE #CVD #CyberSecurity #Federation
threaded - newest