Skip to content

Update EPSS URL #5059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
terriko merged 1 commit into from
Jul 3, 2025
Merged

Update EPSS URL #5059

terriko merged 1 commit into from
Jul 3, 2025

Conversation

@jgamblin
Copy link
Contributor

@jgamblin jgamblin commented May 2, 2025
edited
Loading

Move EPSS URL From Cyentia to Empirical Security. https://epss.empiricalsecurity.com/epss_scores-current.csv.gz.
The old URL no longer works. The URL is back but it is now a redirect and should be updated.

@jgamblin
Update EPSS URL
060fe9b 
Update EPSS URL
@terriko terriko added the blocked label May 5, 2025
@terriko
Copy link
Collaborator

terriko commented May 5, 2025

They're both working for me right now. Is there an announcement somewhere about the change or is this an attempt to get us to do something sketchy? My apologies for being so suspicious if this wasn't a social engineering attempt, but we've been getting some really weird pull requests.

@jgamblin
Copy link
Contributor Author

jgamblin commented May 6, 2025
edited
Loading

hi @terriko,

I completely understand it sounds sketchy, but it is a real change. The URL was down for about a day or so but Cyentia turned back on the redirect for now.

Screenshot 2025-05-05 at 7 08 42 PM

All of the links on first.org have been updated to Empirical Security.
https://www.first.org/epss/data_stats

@jayjacobs is from Empirical and can also verify if needed.

@stvml
Copy link
Contributor

stvml commented May 7, 2025 

~$ curl -I https://epss.cyentia.com/epss_scores-current.csv.gz
HTTP/1.1 200 Connection established
Proxy-Agent: Fortinet-Proxy/1.0

HTTP/2 301
content-length: 0
location: https://epss.empiricalsecurity.com/epss_scores-current.csv.gz
date: Wed, 07 May 2025 23:14:08 GMT
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 9f4bc08bf8fe4d53ba73713387d5ab3e.cloudfront.net (CloudFront)
x-amz-cf-pop: HIO50-C2
x-amz-cf-id: EJfEBnEGaFM5vC5QSW4i69Fr41eOdymE8F8kh6u5KFP9xUCcP8Rcuw==
age: 57

Confirmed the old URL is a 301 to the new URL. I'll go ahead and fire the CI.

@stvml stvml added awaiting CI and removed blocked labels May 7, 2025
terriko
terriko approved these changes Jul 3, 2025
View reviewed changes
Copy link
Collaborator

@terriko terriko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for explaining what was going on! Sorry this fell off my radar after you replied, but let's get it merged now!

@terriko terriko merged commit 42953d0 into ossf:main Jul 3, 2025
29 of 32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@terriko terriko terriko approved these changes

Assignees

No one assigned

Labels

awaiting CI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jgamblin @terriko @stvml