Broadcom publishes all security advisories within the Broadcom Support Portal (BSP), under Security Advisories on left hand navigation, which will take you to https://support.broadcom.com/group/ecx/security-advisory page.
You can also view specific Broadcom Division security advisories, by providing the specific Broadcom Division Segment ID, which also does not require a login to view.
Here is a table of all Broadcom Software Divisions that currently publishes security advisories:
Broadcom Division | Segment ID | URL |
---|---|---|
VMware Cloud Foundation | VC | https://support.broadcom.com/web/ecx/security-advisory?segment=VC |
Tanzu | VT | https://support.broadcom.com/web/ecx/security-advisory?segment=VT |
Application Networking & Security | VA | https://support.broadcom.com/web/ecx/security-advisory?segment=VA |
Software Defined Edge | VE | https://support.broadcom.com/web/ecx/security-advisory?segment=VE |
Enterprise Software | ES | https://support.broadcom.com/web/ecx/security-advisory?segment=ES |
Mainframe Software | MF | https://support.broadcom.com/web/ecx/security-advisory?segment=MF |
Cyber Security Software | SE | https://support.broadcom.com/web/ecx/security-advisory?segment=SE |
Payment Security Software | PZ | https://support.broadcom.com/web/ecx/security-advisory?segment=PZ |
Brocade Storage Networking |
BSN | https://support.broadcom.com/web/ecx/security-advisory?segment=BSN |
I recently saw a discussion asking whether there was an API for the Broadcom Security Advisories and after taking a quick look, I found the following:
curl 'https://support.broadcom.com/web/ecx/security-advisory/-/securityadvisory/getSecurityAdvisoryList' \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -X POST \ --data-raw '{"pageNumber":0,"pageSize":20,"searchVal":"","segment":"VC","sortInfo":{"column":"","order":""}}'
To retrieve a specific Broadcom Division security advisories, you simply change the payload segment ID to one of the ones listed in the table above.
Here is PowerShell example using the Invoke-Webrequest to retrieve security advisories for the VMware Cloud Foundation (VCF) Division:
$headers = @{ "accept" = "application/json" "content-type" = "application/json" } $payload = @{ "pageNumber" = 0 "pageSize" = 20 "searchVal" = "" "segment" = "VC" } $body = $payload | ConvertTo-Json $requests = Invoke-Webrequest -Uri "https://support.broadcom.com/web/ecx/security-advisory/-/securityadvisory/getSecurityAdvisoryList" -Method POST -Headers $headers -Body $body if($requests.StatusCode -eq 200) { $results = ($requests.Content|ConvertFrom-Json).data.list } $results
Here is the output from the code above and you can certainly filter this further based on your needs.
Jaren says
Excellent, William! Are you aware of an API to query for new software releases which may not include security updates? Aside from checking release notes routinely, it’s not well socialized when a new software version is released (i.e., Operations).
Claus says
Yes, it would be great with an API to check for new releases 🙂
Paredo says
Hi William,
Thank you for your article. Do you know how to get the affected builds and fixed version for a specific CVE using the API ? I am not seeing them in the results from the API call.
William Lam says
The details are only in URL, which isn’t part of API, so you’d have to scrape that part if you want to parse things out further
Dale Hassinger says
I used this Blog info to create a VCF Operations Management Pack using Management Pack Builder. Now I can have a Dashboard in VCF Operations with Broadcom Security Advisories and have reports and alerts as an option. Thanks for Sharing William! This is awesome!
Bryan says
Is there a way we can get an RSS feed for this like we used to get when it was hosted on VMware's site?
William Lam says
When you’re logged in, you can subscribe to variety of things including security advisories for specific products/etc. It does require logging in to set that up. Not aware of any RSS feeds