I am trailing SUSE manager 3.1 in a disconnected (air-gapped) setup.

I can use an internet facing SMT server to pull in the required software channels and patches and manually move the date to the air-gapped SUSE Manager server for import.

One thing I cannot figure out how to do is to update the NVD CVE data to run patch audits. I can see the task to refesh the data, but obviously without being internet facing this doesn't do much. I also download the latest NVD CVE json files directly from NIST, but how/where do the files get imported.

I'm really keen to be able to audit the servers managed by SUSE Manager for the applicability of patches etc.

Does anyone know how to accomplish this ?

Many Thanks,