After using OCS Inventory for a while, we have decided to activate the CVE Reporting option.
We have initially tried using a remote server (like the one mentioned in the documentation, cve.circl.lu) but it didn't work. Therefore, we set up our own CVE Search server.
So we installed the cve-search and everything seems to work ok. We have it running on cve-server:10443.
We configured ocs-inventory-server to use this, configured all required cron-jobs and checked the connection between the ocs-server and the cve-server using curl, and everything is OK there.
The cron tasks are executed normally, but the result is always the same: 10-Feb-2022 06:28:52 UTC - 0 CVE has been added to database.
OCS always says that there are no CVE's to add to the database.
The software and software_link db tables are updated/populated (there are more than 5000 programs in the inventory) and in the OCS Inventory server, Manage > CVE Inventory, we found that the "Match List" has a lot of items (>407k).
But in Inventory > CVE Reporting > By CVSS / By Software / By Computer, totally empty and in the "CVE History" option, in the "Information" menu, the CVE count is zero for all publishers.
I have checked the entire forum and other pages in search of a solution, but I have run out of ideas.
Do you have any idea what could be the problem? We are running OCS Inventory server v2.9.2, under CentOS 7, with MariaDB and PHP 7.3.33.
PS: Sorry, this was a short version of the report, because the forum limits, you can found a PDF with all the information there: http://bitly.ws/oqKR