Comment 3 for bug 2032871

Thanks for the quick response.

I wasn't aware of that approach, where is the exported OVAL file? We currently are parsing all "CVE-.." files located under the "active" and "retired" folders (since we are also doing recalls in our DB). If there is a better way to gather that info, then we can definitely give it a go. Otherwise, we may end up using "libgit2sharp" to fetch content of those items but I agree it will be far more burden on the service at large scale.