Existing enrichment and vulnerability database (DB) sources often take weeks or months before introducing certain CVEs to their DBs. This is because NIST and CISA KEV are both maintained by government agencies and have their own set of criteria, governance and onboarding process for new CVEs. Github, on the other hand, is truly open source, easier format to handle and read, and is sourced directly from the vulnerability databases of the programming language maintainers. This means that this DB also provides more visibility for open-source projects compared to the NIST and CISA DBs.
How it works
The GitHub Advisory Database connector is straightforward to use. Simply log into your Monad account and select the GitHub Advisory Database enrichment connector (it does not require any credentials). Once added you can then select GitHub Advisory under models to export. This will export the GitHub Advisory Database to your data warehouse. Detailed instructions can be found on our documentation page.