Using the NVD SWID Repository Client

A experimental, Java-based client for posting SWID tags to the National Vulnerability Database (NVD) for use in vulnerable product identification.

The NVD is maintaining a repository of software producer published SWID and CoSWID tags for use in identifying products as part of the NVD’s vulnerability analysis process.

The following dependency can be added to your POM to use this library.

<dependency>
  <groupId>gov.nist.secauto.swid</groupId>
  <artifactId>swid-repo-client</artifactId>
  <version>0.6.1</version>
</dependency>

The API documentation provides more details.

The source can be found in the project’s Github repo.

Software Identification (SWID) Tools

Using the NVD SWID Repository Client