From a27e53a7d36042825ab0d24838b943ef5d661b53 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Tue, 29 Aug 2023 12:06:38 +0600
Subject: [PATCH] BREAKING CHANGE: extract NVD advisories to separate repo (#230)
---
.github/workflows/nvd.yml | 40 ++++++++++++++++++++++++++++++++++++
.github/workflows/update.yml | 4 ----
nvd/nvd.go | 4 ++--
3 files changed, 42 insertions(+), 6 deletions(-)
create mode 100644 .github/workflows/nvd.yml
diff --git a/.github/workflows/nvd.yml b/.github/workflows/nvd.yml
new file mode 100644
index 0000000..b0753a4
--- /dev/null
+++ b/.github/workflows/nvd.yml
@@ -0,0 +1,40 @@
+name: Update vuln-list-nvd repo
+on:
+ schedule:
+ - cron: "0 */6 * * *"
+ workflow_dispatch:
+
+jobs:
+ update:
+ name: Update vuln-list-nvd
+ runs-on: ubuntu-latest
+ env:
+ GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ VULN_LIST_DIR: "vuln-list-nvd"
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version-file: go.mod
+
+ - name: Check out vuln-list-nvd repo
+ uses: actions/checkout@v3
+ with:
+ repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
+ token: ${{ secrets.ACCESS_TOKEN }}
+ path: ${{ env.VULN_LIST_DIR }}
+
+ - name: Setup github user email and name
+ run: |
+ git config --global user.email "action@github.com"
+ git config --global user.name "GitHub Action"
+
+ - name: Compile vuln-list-update
+ run: go build -o vuln-list-update .
+
+ - if: always()
+ name: NVD
+ run: ./update.sh nvd "NVD"
\ No newline at end of file
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 6081226..8899fc6 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
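Review bot: The job-level `env` in `.github/workflows/nvd.yml` exports `GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}` to every step, so the access token is readable by both referenced actions and by `go build`, not only by the step that publishes. If `./update.sh` is the only consumer (the script is not part of this patch), move that entry into an `env:` on the final `NVD` step, and add `permissions: { contents: read }` at workflow level so the automatic token stays read-only. `actions/checkout@v3` and `actions/setup-go@v4` are referenced by mutable tags; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>`, keeps a retagged action from running in a job that holds this secret.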
@@ -35,10 +35,6 @@ jobs: - name: Compile vuln-list-update run: go build -o vuln-list-update . - - if: always() - name: NVD - run: ./update.sh nvd "NVD" - - if: always() name: Alpine Issue Tracker run: ./update.sh alpine "Alpine Issue Tracker" diff --git a/nvd/nvd.go b/nvd/nvd.go index 5afcea4..be4f39d 100644 --- a/nvd/nvd.go +++ b/nvd/nvd.go @@ -23,7 +23,7 @@ type NVD struct { const ( baseURL = "https://nvd.nist.gov/feeds/json/cve/1.1" - nvdDir = "nvd" + feedDir = "feed" concurrency = 5 wait = 0 retry = 5 @@ -110,7 +110,7 @@ func save(nvd *NVD) error { continue } - if err = utils.SaveCVEPerYear(filepath.Join(utils.VulnListDir(), nvdDir), cveID, item); err != nil { + if err = utils.SaveCVEPerYear(filepath.Join(utils.VulnListDir(), feedDir), cveID, item); err != nil { return xerrors.Errorf("failed to save NVD CVE detail: %w", err) } }
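Review bot: `feedDir` in the `const` block of `nvd/nvd.go` has no comment saying that it is resolved under `utils.VulnListDir()` and is intended for the separate vuln-list-nvd checkout; the same applies where `save` joins it in the second hunk. Presumably that helper follows `VULN_LIST_DIR` (its body is not shown here), in which case running the `nvd` target without the variable set would create a top-level `feed` directory in the default list directory. I would add `// feedDir is the directory under utils.VulnListDir() that SaveCVEPerYear writes NVD items into; VULN_LIST_DIR must point at the vuln-list-nvd checkout.` above the constant. Both the `const` block and `save` continue outside the hunks.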