nix-security-tracker
[Tracking issue] Demo Readiness
At our meeting 2023-11-15, we defined our demo target to be a CLI tool which does these four things:
- scan dependencies used locally (from some combination of derivation graphs and metadata provided by nixpkgs). Related tickets: https://github.com/Nix-Security-WG/nix-security-tracker/issues/17
- ingest some sort of vulnerability database(s) that are separate from the user's configuration (these might be well-known upstream things like CVEs or new nix-ecosystem-specific databases). Related tickets: https://github.com/Nix-Security-WG/nix-security-tracker/issues/4 ~~https://github.com/Nix-Security-WG/nix-security-tracker/issues/6~~ https://github.com/Nix-Security-WG/nix-security-tracker/issues/8
- match/align these two sorts of information (the config and the vulnerabilities) with fewer or more heuristics, depending on how "pre-cleaned-up" the information is (nixpkgs meta plus a nix-specific database is cleaner; a derivation graph plus an upstream database is messier). Related tickets: https://github.com/Nix-Security-WG/nix-security-tracker/issues/5
- produce an output of those matches
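As an added illustration of the four steps above (not code from the tracker itself), the following Python sketch takes a constructed list of packages as a local scan might extract them from derivation metadata, a constructed vulnerability feed with placeholder ids, and applies a strict matcher for clean data and a looser one (alias table, punctuation-insensitive names) for messier data, then renders the matches. The package list, feed records and `ALIASES` table are all assumptions made up for the example.

```python
import re
# Constructed sample of what a local scan of derivation metadata could
# yield: pname and version for each package in the closure.
LOCAL_PACKAGES = [
    {"pname": "openssl", "version": "3.0.7"},
    {"pname": "curl", "version": "8.4.0"},
    {"pname": "python3", "version": "3.11.6"},
]

# Constructed records in the shape of a CVE feed entry (product plus an
# affected version range). The ids are placeholders, not real CVEs.
VULN_DB = [
    {"id": "CVE-0000-0001", "product": "OpenSSL", "introduced": "3.0.0", "fixed": "3.0.8"},
    {"id": "CVE-0000-0002", "product": "curl", "introduced": "7.0.0", "fixed": "8.4.0"},
    {"id": "CVE-0000-0003", "product": "cpython", "introduced": "3.11.0", "fixed": "3.11.7"},
]

# Constructed alias table (nixpkgs pname -> upstream product name): the kind
# of extra heuristic that messier, uncleaned data requires.
ALIASES = {"python3": "cpython"}

def parse_version(v: str) -> tuple:
    """'3.0.7' -> (3, 0, 7); non-numeric parts are ignored for the demo."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def in_range(version: str, introduced: str, fixed: str) -> bool:
    """Affected iff introduced <= version < fixed (the fixed version is safe)."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)

def normalize(name: str) -> str:
    return re.sub(r"[^a-z0-9]", "", name.lower())

def match(packages, vulns, strict=True):
    """Return (pname, version, vuln id) triples; strict=False adds the alias
    and punctuation-insensitive heuristics (more recall, more false positives)."""
    hits = []
    for pkg in packages:
        names = {pkg["pname"].lower()}
        if not strict:
            names.add(normalize(pkg["pname"]))
            names.add(ALIASES.get(pkg["pname"], pkg["pname"]).lower())
        for vuln in vulns:
            product = vuln["product"].lower() if strict else normalize(vuln["product"])
            if product in names and in_range(pkg["version"], vuln["introduced"], vuln["fixed"]):
                hits.append((pkg["pname"], pkg["version"], vuln["id"]))
    return hits

def report(hits) -> str:
    return "\n".join(f"{p} {v}: {i}" for p, v, i in hits) or "no matches"
```

Note that curl 8.4.0 is not reported because the feed marks 8.4.0 as the fixed version, and python3 only matches once the alias heuristic is enabled.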