fedcode-next: Extract fix commits from the change logs in search for CVE-related change entries

[pombredanne]

We need to create a pipeline to parse changelogs and identify entries that correspond to vulnerabilities and fix commits for well-known ecosystems.

• https://github.com/pyupio/changelogs/
• https://github.com/samaritan/archeogit
• https://github.com/django/django/blob/1167cd1d639c3fee69dbdef351d31e8a17d1fedf/docs/releases/security.txt

related issue:

• Extract interesting data from CVE and other vulnerabilities body #551

[ziadhany]

this is done now we have a script that collect fix-commits and git messages ( changelogs ).

see:

• https://github.com/aboutcode-data/vulnerablecode-vcs-collector
• Add support for collecting fix commits and (PRs and issues) aboutcode-data/vulnerablecode-vcs-collector#1

More work will take place in the future to refine this with:

• Improve fix commits collection from VCS #2318
• Improve collection from fix commits from git logs #2319