Hey everyone,
I’m currently building an automated vulnerability intelligence pipeline using SUSE’s CSAF 2.0 VEX feeds. However, I’ve noticed that their entire VEX directory (https://ftp.suse.com/pub/projects/security/csaf-vex/), including the changes.csv file, hasn’t updated since February 17, 2026.
Obviously, SUSE hasn’t stopped issuing patches—the standard /csaf/ advisory directory is still actively pushing daily updates.
It looks like their internal VEX generation pipeline (generate-csaf-vex.pl) might have silently crashed or hung a couple of weeks ago (?)
A few questions for the community:
-
Has anyone else noticed this in their ingestion pipelines?
-
Did SUSE announce a migration to a new CSAF/ROLIE endpoint that I missed?
-
For those running production scanners, are you temporarily falling back to something else?
Thanks in advance for any insights!
(Note: I used an AI chatbot to help structure and draft this post, but the technical issue is 100% real and currently blocking my pipeline!)