vulnix

Vulnerability (CVE) scanner for Nix/NixOS.

Results 24 vulnix issues

It would be useful to have an option for listing all whitelist entries that were _not_ used during a scan. That would make it easier to remove old versions and...

feature

Would make scripting a little easier if the tool supported `stdin` for derivation input. If you don't want it to block when no args are given, I've seen this implemented...

__Note:__ the changes aren't as trivial as I initially hoped, so I'd suggest to review this on a per-commit basis and also read the commit messages for further context! This...

There are a few existing vulnerability databases that have an "upstream source code" field. (e.g. GitHub and Arch Linux both have one, also NVE has some metadata links on each CPE)...

Hi all, since yesterday `vulnix` is no longer working on my systems:

```nix
$ vulnix -R /nix/store/*.drv
Traceback (most recent call last):
  File "/nix/store/rygfmwj1yvzx6ndfc33j5ajwqfp7408d-vulnix-1.10.1/bin/.vulnix-wrapped", line 9, in sys.exit(main())
  File "/nix/store/wazkvq0fsirz6ng9g5sjmr93mh159g64-python3.10-click-8.1.6/lib/python3.10/site-packages/click/core.py",...
```

I'm not sure of the exact circumstances - in any case, I run on MacOS.

```
error: builder for '/nix/store/72p3497238gfbajfkn120v9vn0vcp09p-vulnix-1.10.1.drv' failed with exit code 1;
last 10 log lines:
>...
```

attr: bolt
path: pkgs/os-specific/linux/bolt/default.nix

```
/nix/store/50hyqiq0wnjaqylnn6advp9g9f25y5ap-bolt-0.9.5.drv
CVE                                                CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2022-31321    9.1
https://nvd.nist.gov/vuln/detail/CVE-2019-9185     8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-27367    7.5
https://nvd.nist.gov/vuln/detail/CVE-2019-15483    6.1
https://nvd.nist.gov/vuln/detail/CVE-2019-15484    6.1
https://nvd.nist.gov/vuln/detail/CVE-2019-15485    6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-4041     6.1
https://nvd.nist.gov/vuln/detail/CVE-2020-28925    5.3
https://nvd.nist.gov/vuln/detail/CVE-2020-4040     4.3
```

Confused as a...

It would be convenient having a CLI option to specify which NVD archive to use. Indeed I'm running vulnix in a CI pipeline and, after re-running it (same commit), I've...

Based on https://github.com/nix-community/vulnix/pull/80, the repo is no longer maintained. Let me know if I'm wrong @ckauhaus @ctheune.