New plugin for CVE Services API

[ppaeps]

Overview

The CVE Services API allows CVE Numbering Authorities (CNAs) to reserve, publish, and manage CVE IDs. This plugin sets the environment variables required to use the reference cvelib implementation of the API.

See also:
https://www.cve.org/AllResources/CveServices
https://github.com/RedHatProductSecurity/cvelib
https://vulnogram.github.io/cve5/#cvePortal

Type of change

• Created a new plugin
• Improved an existing plugin
• Fixed a bug in an existing plugin
• Improved contributor utilities or experience

How To Test

The CVE Services API can only be used by CNAs. Assuming you are a CNA (or a CNA can provide you with a test user), you can test authentication with cve ping.

Changelog

New CLI plugin for the CVE Services API.

[github-actions]

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

1. Generate a GPG key
2. Add the GPG key to your GitHub account
3. Configure git to use your GPG key for commit signing

Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

1. Generate an SSH key and add it to ssh-agent
2. Add the SSH key to your GitHub account
3. Configure git to use your SSH key for commit signing

Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

[ppaeps]

I have been using this plugin for over a year. What is blocking this PR from being reviewed/merged? I've just force-pushed a very uneventful rebase on main.