diff --git a/config.toml b/config.toml
index 1129254ba713abf153e98b669bb071e47b854ef8..ca3faba7e7f9d34e04b71d2c569ac9d24e33a26a 100644
--- a/config.toml
+++ b/config.toml
@@ -177,6 +177,16 @@ pluralizeListTitles = false
 parent = "collaborations"
 name = "Interest Group Process"
 url = "/org/collaborations/interest-groups/process.php"
+
+[[menu.sidebar]]
+ identifier = "security"
+ name = "Security"
+ url = "/security"
 weight = 1
-
+
+[[menu.sidebar]]
+ parent = "security"
+ name = "Known Vulnerabilities"
+ url = "/security/known"
+ weight = 1
diff --git a/content/security/known/_index.md b/content/security/known/_index.md
new file mode 100644
index 0000000000000000000000000000000000000000..f677e8ab742389bed225958be82463391366fb6a
--- /dev/null
+++ b/content/security/known/_index.md
@@ -0,0 +1,11 @@
+---
+title: "Known Vulnerabilities"
+date: 2022-08-30T13:14:48-04:00
+description: "List of security vulnerabilities known to affect Eclipse Foundation sites and projects"
+keywords: ['Eclipse', 'projects', 'security', 'cve']
+layout: single
+---
+
+This page lists security vulnerabilities known to affect Eclipse Foundation sites and projects.
+
+{{< pages/security/known >}}
diff --git a/js/known-vulnerabilities.js b/js/known-vulnerabilities.js
new file mode 100644
index 0000000000000000000000000000000000000000..756af052006f8b04dcea3d72f08ecc1e92826649
--- /dev/null
+++ b/js/known-vulnerabilities.js
@@ -0,0 +1,16 @@
+/*!
+ * Copyright (c) 2023 Eclipse Foundation, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * Contributors:
+ * Olivier Goulet <olivier.goulet@eclipse-foundation.org>
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+
+// Requires jQuery to be loaded beforehand
+
+import './src/known-vulnerabilities-table'
\ No newline at end of file
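Review bot: The last line of js/known-vulnerabilities.js, `import './src/known-vulnerabilities-table'`, drops the terminating semicolon and the file ends without a newline (see the `\ No newline at end of file` marker); `import './src/known-vulnerabilities-table';` followed by a newline matches the other new JS files in this commit. The `// Requires jQuery to be loaded beforehand` comment would be more useful if it recorded why, since the only visible evidence of the dependency is the yarn.lock entry giving `datatables.net` a `jquery ">=1.7"` requirement: `// Requires jQuery to be loaded beforehand: the DataTables module imported below depends on it`.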
diff --git a/js/src/api/eclipsefdn.cve.js b/js/src/api/eclipsefdn.cve.js
new file mode 100644
index 0000000000000000000000000000000000000000..72d7891d24597f3f983284613d8cd6f84c646c15
--- /dev/null
+++ b/js/src/api/eclipsefdn.cve.js
@@ -0,0 +1,46 @@
+/*!
+ * Copyright (c) 2023 Eclipse Foundation, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * Contributors:
+ * Olivier Goulet <olivier.goulet@eclipse-foundation.org>
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+
+const apiPath = `https://api.eclipse.org/cve`;
+
+const cveMapper = data => ({
+ id: data.id,
+ datePublished: data.date_published,
+ status: data.status,
+ summary: data.summary,
+ project: data.project,
+ cvss: data.cvss,
+ liveLink: data.live_link,
+ cvePullRequest: data.cve_pull_request,
+ nvdLink: `https://nvd.nist.gov/vuln/detail/${data.id}`,
+});
+
+const getAllCVEs = async () => {
+ try {
+ const response = await fetch(apiPath);
+ if (!response.ok) throw new Error('Problem with the request to CVE API');
+
+ const data = await response.json();
+ if (!Array.isArray(data)) throw new TypeError('Expected an array as CVE API response');
+
+ const cves = data
+ .map(cveMapper)
+ .filter(cve => cve.status === 'PUBLIC');
+
+ return [cves, null];
+ } catch (error) {
+ return [null, error];
+ }
+}
+
+export default getAllCVEs;
diff --git a/js/src/known-vulnerabilities-table.js b/js/src/known-vulnerabilities-table.js
new file mode 100644
index 0000000000000000000000000000000000000000..158549aaeda19d47a3d00f2ca62a1a867633cbaa
--- /dev/null
+++ b/js/src/known-vulnerabilities-table.js
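Review bot: `cveMapper` interpolates `data.id` unchanged into the `nvdLink` template, so an id containing a quote or slash in the API response yields a malformed link that is later dropped into an `href` as HTML; wrapping it as `encodeURIComponent(data.id)` inside that template keeps the URL well-formed regardless of the payload. The only payload validation in `getAllCVEs` is `Array.isArray`, so records without an `id` or `status` pass through with `undefined` fields; tightening the filter to `.filter(cve => typeof cve.id === 'string' && cve.status === 'PUBLIC')` drops them at the boundary instead of in the table. `getAllCVEs` also has no doc comment, and a one-line JSDoc stating that it fetches PUBLIC CVEs from the Eclipse CVE API and resolves to either [cves, null] or [null, error] without ever throwing would document the tuple contract callers rely on. The closing `}` of the arrow function is missing the semicolon the rest of the file uses, and `apiPath` is a template literal with nothing to interpolate, where a plain string would do.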
@@ -0,0 +1,68 @@
+/*!
+ * Copyright (c) 2023 Eclipse Foundation, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * Contributors:
+ * Olivier Goulet <olivier.goulet@eclipse-foundation.org>
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ */
+
+import DataTable from 'datatables.net';
+import getAllCVEs from './api/eclipsefdn.cve';
+
+
+const KnownVulnerabilitiesTable = async () => {
+ const element = document.querySelector('#known-table-wrapper');
+ if (!element) return;
+
+ const [cves, error] = await getAllCVEs();
+
+ if (error) {
+ element.innerHTML = `
+ <p class="alert alert-danger">
+ An error has occurred while fetching known vulnerabilities. Please try again later.
+ </p>
+ `;
+
+ return;
+ }
+
+ const data = cves.filter(row => row.cvePullRequest !== null);
+
+ populateTable(data);
+}
+
+export default KnownVulnerabilitiesTable();
+
+/** Populate the known vulnerabilities table with CVE data
+ * @param {Array} data - Array of CVEs
+ * @returns {DataTable} - DataTable instance
+*/
+const populateTable = data =>
+ new DataTable('#known-table', {
+ data,
+ autoWidth: false,
+ columns: [
+ {
+ data: 'id',
+ width: '20%',
+ render: (data, _, row) => `<a href="${row.nvdLink}">${data}</a>`
+ },
+ { data: 'datePublished', width: '15%' },
+ {
+ name: 'project',
+ data: 'project',
+ width: '25%',
+ render: (data) => `<a class="known-table-project-link" href="https://projects.eclipse.org/projects/${data}">${data}</a>`
+ },
+ //{ data: 'summary' }
+ ],
+ order: [[1, 'desc']],
+ pageLength: 10,
+ lengthMenu: [10, 20, 50, 100]
+ }
+);
diff --git a/layouts/partials/footer_custom.html b/layouts/partials/footer_custom.html
new file mode 100644
index 0000000000000000000000000000000000000000..914bf00ba9c8cad95ddce7d7a7745b49a58cfaaf
--- /dev/null
+++ b/layouts/partials/footer_custom.html
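Review bot: Both `render` callbacks in `populateTable` interpolate API-supplied values (`data` and `row.nvdLink`) directly into markup that DataTables inserts as HTML, and the plain `datePublished` column is inserted as HTML too, so any unexpected characters in the CVE feed reach the DOM unescaped. Escaping the text, URL-encoding the project slug in the link columns, and using the library's built-in `DataTable.render.text()` on the `datePublished` column keeps the table a pure rendering of the data; the rewritten column definitions are below. Separately, `populateTable` is a `const` declared after `export default KnownVulnerabilitiesTable();`, so the call only avoids the temporal dead zone because it awaits `getAllCVEs()` first; a hoisted `function populateTable(data) { … }` placed above the call removes that ordering dependency. The module also exports the pending Promise rather than the function, and a rejection raised after the `await` (for instance from table initialisation) is not handled anywhere visible.
```javascript
// Escape API-supplied text before it is interpolated into markup that DataTables inserts as HTML.
const escapeHtml = (value) =>
  String(value).replace(/[&<>"']/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// … unchanged: populateTable signature, data, autoWidth …
      {
        data: 'id',
        width: '20%',
        render: (data, _, row) => `<a href="${escapeHtml(row.nvdLink)}">${escapeHtml(data)}</a>`
      },
      { data: 'datePublished', width: '15%', render: DataTable.render.text() },
      {
        name: 'project',
        data: 'project',
        width: '25%',
        render: (data) => `<a class="known-table-project-link" href="https://projects.eclipse.org/projects/${encodeURIComponent(data)}">${escapeHtml(data)}</a>`
      },
// … unchanged: commented-out summary column, order, pageLength, lengthMenu …
```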
@@ -0,0 +1,3 @@
+{{ block "datatables" . }}
+ {{ . }}
+{{ end }}
diff --git a/layouts/partials/security/known/data_tables.html b/layouts/partials/security/known/data_tables.html
new file mode 100644
index 0000000000000000000000000000000000000000..8366834540f6d873db4b2fa7df2bd771b6af50fc
--- /dev/null
+++ b/layouts/partials/security/known/data_tables.html
@@ -0,0 +1,4 @@
+{{ define "datatables" }}
+ <link rel="stylesheet" href="/public/css/datatables.net-dt.css">
+ <script async src="/public/js/known-vulnerabilities.js"></script>
+{{ end }}
diff --git a/layouts/shortcodes/pages/security/known.html b/layouts/shortcodes/pages/security/known.html
new file mode 100644
index 0000000000000000000000000000000000000000..b82a54e3e04e8bcc7871c4b02a047d266cdad1ea
--- /dev/null
+++ b/layouts/shortcodes/pages/security/known.html
@@ -0,0 +1,12 @@
+<div class="dataTables_wrapper margin-top-20" id="known-table-wrapper">
+ <table class="display dataTable" id="known-table" style="width:100%" aria-describedby="known-table_info">
+ <thead>
+ <tr>
+ <th class="sorting" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-label="ID: activate to sort column ascending">ID</th>
+ <th class="sorting" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-label="Date: activate to sort column ascending">Date Published</th>
+ <th class="sorting sorting_asc" tabindex="0" aria-controls="known-table" rowspan="1" colspan="1" aria-sort="ascending" aria-label="Project: activate to sort column descending">Project</th>
+ <!--<th tabindex="0" aria-controls="known-table" rowspan="1" colspan="2">Description</th>-->
+ </tr>
+ </thead>
+ </table>
+</div>
diff --git a/package.json b/package.json
index aff8adb7d32c62bd66a639731754969cd9774e14..bbf7496d35af9b5ab0bd364b03e562df677a5574 100644
--- a/package.json
+++ b/package.json
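Review bot: The `<script async src="/public/js/known-vulnerabilities.js">` tag on the third line of data_tables.html gives no ordering guarantee relative to the page's other scripts, yet the header comment in js/known-vulnerabilities.js states that jQuery must already be loaded; unless the webpack bundle ships its own copy of jQuery, `async` can run it before the theme's scripts. `defer` preserves document order while still not blocking parsing: `<script defer src="/public/js/known-vulnerabilities.js"></script>`. If the bundle is in fact self-contained, a short Hugo comment next to the tag saying so would record why `async` is safe here.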
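Review bot: The Project `<th>` in known.html carries static sort state (`sorting_asc`, `aria-sort="ascending"`, and a label offering a descending sort) that contradicts the `order: [[1, 'desc']]` the table module in this commit applies to the Date Published column, and DataTables rewrites these classes and ARIA attributes on initialisation anyway, so the hand-written values are misleading at best. Reducing each header to its text, `<th>ID</th>`, `<th>Date Published</th>`, `<th>Project</th>`, and letting the library manage sorting state removes the contradiction. The `aria-describedby="known-table_info"` on the `<table>` also points at an id that does not exist in this markup.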
@@ -22,6 +22,7 @@
 },
 "dependencies": {
 "eclipsefdn-hugo-solstice-theme": "0.0.183",
+ "datatables.net-dt": "^1.13.1",
 "js-yaml": "^3.13.1",
 "json-minify": "^1.0.0"
 },
diff --git a/webpack.mix.js b/webpack.mix.js
index 8bdc6cc31cb70e2abbe6be400c14b53de8fe7969..9b5641e803f732042f7c111a0c97ae77c518963a 100644
--- a/webpack.mix.js
+++ b/webpack.mix.js
@@ -25,4 +25,8 @@ mix.less('./less/page_css_file/openchain/styles.less', 'static/public/css/projec
 mix.less('./less/page_css_file/europe/styles.less', 'static/public/css/europe-styles.css');
 mix.less('./less/page_css_file/research/styles.less', 'static/public/css/research-styles.css');
+mix.css('./node_modules/datatables.net-dt/css/jquery.dataTables.min.css', 'static/public/css/datatables.net-dt.css');
+
 mix.js('js/main.js', './static/public/js/main.js');
+mix.js('js/known-vulnerabilities.js', './static/public/js/known-vulnerabilities.js')
+
diff --git a/yarn.lock b/yarn.lock
index 4f63aeb557b933baf20f22c11e8ae9d953a89dcc..a093a056c217d47cc1f34e9a9b469ae3888ed79f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2301,6 +2301,21 @@ csso@^4.2.0: dependencies: css-tree "^1.1.2" +datatables.net-dt@^1.13.1: + version "1.13.4" + resolved "https://registry.yarnpkg.com/datatables.net-dt/-/datatables.net-dt-1.13.4.tgz#ec32d22a02772ee6dda2677032cb6b24f3f5e4d0" + integrity sha512-QAvuEej/qKSiaSmSeDQ36wWO72XzFGKkd0jdiqbp+2FHAAzIk+ffsqQAwylystMoBSiO0zlcdaqHoAPa5Dy7Pg== + dependencies: + datatables.net ">=1.12.1" + jquery ">=1.7" + +datatables.net@>=1.12.1: + version "1.13.4" + resolved "https://registry.yarnpkg.com/datatables.net/-/datatables.net-1.13.4.tgz#9a809cee82eca0a884e10b4d47a3a3d6e65e9fe7" + integrity sha512-yzhArTOB6tPO2QFKm1z3hA4vabtt2hRvgw8XLsT1xqEirinfGYqWDiWXlkTPTaJv2e7gG+Kf985sXkzBFlGrGQ== + dependencies: + jquery ">=1.7" + date-fns@^2.27.0: version "2.29.3" resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-2.29.3.tgz#27402d2fc67eb442b511b70bbdf98e6411cd68a8"
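Review bot: The new `mix.js('js/known-vulnerabilities.js', …)` call on the last added line of webpack.mix.js drops the terminating semicolon that every neighbouring `mix.*` statement carries and is followed by an added trailing blank line; `mix.js('js/known-vulnerabilities.js', './static/public/js/known-vulnerabilities.js');` matches the surrounding style. The added `mix.css(...)` line copies the stylesheet out of node_modules to a path that the data_tables.html partial in this commit links by URL, and a one-line comment above it naming that consumer, `// Copied so layouts/partials/security/known/data_tables.html can link it directly`, would explain why the CSS is not bundled with the script.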
@@ -3664,7 +3679,7 @@ jquery-match-height@^0.7.2: resolved "https://registry.yarnpkg.com/jquery-match-height/-/jquery-match-height-0.7.2.tgz#f8d9f3ba5314daab109cf07408674be204be5f0e" integrity sha512-qSyC0GBc4zUlgBcxfyyumJSVUm50T6XuJEIz59cKaI28VXMUT95mZ6KiIjhMIMbG8IiJhh65FtQO1XD42TAcwg== -jquery@>=1.8.3, jquery@^3.5.1: +jquery@>=1.7, jquery@>=1.8.3, jquery@^3.5.1: version "3.6.3" resolved "https://registry.yarnpkg.com/jquery/-/jquery-3.6.3.tgz#23ed2ffed8a19e048814f13391a19afcdba160e6" integrity sha512-bZ5Sy3YzKo9Fyc8wH2iIQK4JImJ6R0GWI9kL1/k7Z91ZBNgkRXE6U0JfHIizZbort8ZunhSI3jw9I6253ahKfg==