Extend the security-tracker check-external scripts
Description of the project: Extend the check-external scripts in the security tracker to automatically pull in CVE and other security advisory data and commit directly to the secure-testing repo. This would eliminate a lot of the manual work done by the security team. The project would consist of several phases: Review tracker data and collate common data sources. Research/contact all of the data sources in order to find existing machine-readable APIs/information about security issues. Write core infrastructure for committing data to tracker. Write converters for external machine-readable data. Write parsers for the remaining data sources. During the development phase it could simply mail the debian-security-tracker mailing list with diffs to commit.
How to contact the mentor:
Deliverables of the project: A replacement for check-external that will automatically commit new external data to the security tracker.
Desirable skills: Python
What the student will learn: Debian security processes, security information, integration of data sources, scraping data from websites