Use case
The client-python (pyoaev) currently exposes a limited subset of the OpenAEV Vulnerability API.
Historically, vulnerability-related features were handled by the legacy CVE API, which is now obsolete.
The new vulnerability API is the recommended replacement and offers a more comprehensive and modern interface for managing vulnerability data. It is documented in the official API reference:
https://demo.openaev.io/swagger-ui/index.html
A new vulnerability manager has been integrated into pyoaev, but its scope is intentionally aligned with that of the legacy CVE client and exposes only a minimal set of endpoints (e.g., bulk ingestion). However, the OpenAEV vulnerability API offers a much broader set of features (CRUD, search, tenant-level operations, etc.), which are not currently fully represented.
An analysis is required to determine:
- which endpoints should be exposed in pyoaev
- whether full API coverage is desirable
- what impact this would have on client-python design, maintenance, and user experience
- whether API request and response payloads should be modeled using Pydantic
- whether automated verification against the Swagger/OpenAPI schema should be introduced to ensure consistency between the client-python (pyoaev) and the API specification.
Additional information
The CVE API is officially deprecated but will not be removed at this time, and the endpoints will be maintained for the time being.
Vulnerability API: https://demo.openaev.io/swagger-ui/index.html#/Vulnerability%20API
CVE API (legacy): https://demo.openaev.io/swagger-ui/index.html#/Cve%20API
Use case
The client-python (
pyoaev) currently exposes a limited subset of the OpenAEVVulnerabilityAPI.Historically, vulnerability-related features were handled by the legacy
CVEAPI, which is now obsolete.The new
vulnerabilityAPI is the recommended replacement and offers a more comprehensive and modern interface for managing vulnerability data. It is documented in the official API reference:https://demo.openaev.io/swagger-ui/index.html
A new vulnerability manager has been integrated into pyoaev, but its scope is intentionally aligned with that of the legacy CVE client and exposes only a minimal set of endpoints (e.g., bulk ingestion). However, the OpenAEV vulnerability API offers a much broader set of features (CRUD, search, tenant-level operations, etc.), which are not currently fully represented.
An analysis is required to determine:
Additional information
The CVE API is officially deprecated but will not be removed at this time, and the endpoints will be maintained for the time being.
Vulnerability API: https://demo.openaev.io/swagger-ui/index.html#/Vulnerability%20API
CVE API (legacy): https://demo.openaev.io/swagger-ui/index.html#/Cve%20API