Merge pull request #666 from nscuro/nvd-notice

Add NVD API notice

src/i18n/locales/en.json

@@ -635,6 +635,7 @@
     "vulnsource_alias_sync_enable_tooltip": "Alias data can help in identifying identical vulnerabilities across multiple databases. If the source provides this data, synchronize it with Dependency-Track's database.",
     "vulnsource_nvd_enable": "Enable National Vulnerability Database mirroring",
     "vulnsource_nvd_desc": "The National Vulnerability Database (NVD) is the largest publicly available source of vulnerability intelligence. It is maintained by a group within the National Institute of Standards and Technology (NIST) and builds upon the work of MITRE and others. Vulnerabilities in the NVD are called Common Vulnerabilities and Exposures (CVE). There are over 100,000 CVEs documented in the NVD spanning from the 1990’s to the present.",
+    "vulnsource_nvd_notice": "This product uses data from the NVD API but is not endorsed or certified by the NVD.",
     "vulnsource_nvd_feeds_url": "NVD Feeds URL",
     "vulnsource_github_advisories_enable": "Enable GitHub Advisory mirroring",
     "vulnsource_github_advisories_desc": "GitHub Advisories (GHSA) is a database of CVEs and GitHub-originated security advisories affecting the open source world. Dependency-Track integrates with GHSA by mirroring advisories via GitHub's public GraphQL API. The mirror is refreshed daily, or upon restart of the Dependency-Track instance. A personal access token (PAT) is required in order to authenticate with GitHub, but no scopes need to be assigned to it.",

src/views/administration/vuln-sources/VulnSourceNvd.vue

@@ -12,6 +12,8 @@
       {{$t('admin.vulnsource_nvd_enable')}}
       <hr/>
       {{ $t('admin.vulnsource_nvd_desc') }}
+      <br/><br/>
+      {{ $t('admin.vulnsource_nvd_notice') }}
       <hr/>
       <b-validated-input-group-form-input
         id="nvd-feeds-url"