django-DefectDojo VS endoflife.date

DefectDojo is a DevSecOps and vulnerability management tool used by many organisations. I learned a lot from this project.

I see they have a fairly comprehensive helm chart, which might be easier to wrangle than building (and then continuing to maintain!) a swarm compose stack. If you're not averse to Kubernetes, you could quickly deploy k3s and run their chart that way?

> where you can see overlapped timelines when support ended

I tried to generate a visual timeline for a given page (https://github.com/endoflife-date/endoflife.date/pull/2859, has some screenshots), but it was limited to a single page (so you'd only see nokia devices at once for eg).

It turned out that it is too hard to generate clear charts with vague data. We often only know whether is device is supported or not (true/false, see comments about samsung below in this thread), and don't have clear release dates.

I'll get to it someday (PRs welcome), but it might not work for the usecase we want (picking phones) because data on mobiles is very vague.

repairability score -> sounds interesting, will file an issue and see. The hard part is that there's no clear identifiers for devices (SWID/CPE are just not good enough) for us to track this kind of data from elsewhere easily.

Here's the PR where it was added by a user, "Based on a Rails core team member's comment"...

A lot of the communications regarding End of Life for Support is done very effectively here: https://endoflife.date/

https://endoflife.date (not mine)

a little similar to endoflife.date if anyone has ever come across it for Software versions?

We do this at https://endoflife.date API, and it works quite well.

I've created the `db.json` with the [end of life](https://endoflife.date/) api.

Something I've recently worked on is building an SQLite database of all the dependencies my organisation uses, which makes it possible to write our own queries and reports. The tool is all Open Source (https://dmd.tanna.dev) and has a CLI as well as the SQLite data.

Ive used it to look for software that's out of date (via https://endoflife.date), to find vulnerablilities (via https://osv.dev) and get license information (via https://deps.dev)

It's been hugely useful for us understanding use of internal and external dependencies, and I wish I'd built it earlier in my career so I could've had it for other companies I've worked at!

This is neat: https://endoflife.date/

I'm looking for a 3rd party vendor that can do the mindlessly tedious work of maintaining a library of software support dates. Think hundreds of thousands/millions of versions of software in an enterprise with ridiculous tech debt. Something like endoflife.date but much more far encompassing.