anthonyharrison
anthonyharrison
When runing vuls locally on a kali, the system fails to scan because it is an unsupported OS. As Kali is just a Debian version, can this not be detected...
Just an idea at this stage, but would it be possible to scan a Makefile and identify components (and their dependencies) to scan for vulnerabilites?
The default access to the NVD database is now to use the NVD API using a NVD API Key. However, if no API Key is specified or discovered using the...
The check for the latest schema is not performed if the `--update never` option is set. This means that an exception will be raised if using an old database schema.
Filenames with a .bin extension are typically firmware images but are currently ignored because they are not a valid archive or supported extraction type. However they can be readily extracted...
When parsing a Java POM.xml file, some product versions are defined as properties ``` 5.8.2 ``` These then used in the subsequent specification of the product version `${junit.jupiter.version}` Parsing for...
See [GSoC 2022 Start here](#1462) and [GSoC 2022 Ideas](#1379 ) Currently the cve-bin-tool uses the NVD database as its only source of vulnerabilities. However not all vulnerabilities are captured in...
Each of the checkers identifies a product/vendor pair to be used if a particular component is detected in a binary file. The allows for instance an item detected as libc...
Currently only JAR archives are supported for Java applications