Currently hosting costs are unclear, but it should be doable if we offer API access for like 5 bucks / month for private and 100 / month for corporate or similar.
Already did a backup of the NVD in the last couple hours, currently backing up the security trackers and OVAL feeds.
Gonna need some sleep now, it's morning again.
My project criteria:
- hosting within the EU
- must have a copyleft license (AGPL)
- must have open source backend and frontend
- dataset size is around 90-148 GB (compressed vs uncompressed)
- ideally an e.V. for managing funds and costs, so it can survive me
- already built my vulnerability scraper in Go, would contribute it under AGPL
- already built all schema parsers, would contribute them also under AGPL
- backend and frontend need to be built
- would make it prerendered, so that CVEs can be static HTML files that can be hosted on a CDN
- needs submission/PoC/advisory web forms and database/workflow for it
- data is accumulated into a JSON format (sources are mixed non-standard formats for each security tracker. Enterprise distros use OData or OVAL for the most part)
If you are interested, write me on linkedin.com/in/cookiengineer or here.
Instead of trying to imagine a thing that someone else might or might not need.
I've been slowly chipping away at a Heroku alternative called Canine [1] for the better part of a year now on the side, and for once, I don't feel tons of pressure or self-loathing for not working on it quickly enough.
I use it every day now, and whenever I come across something that I wish was a little better (at the moment, understanding how much memory is used by the cluster is a pet peeve), I ruminate on it for a few days before hopping in and making some changes. No more, no less. It helps me get away from "what is the perfect solution", to "can I fix this thing that annoys me right now".
[1] https://canine.sh