cve-bin-tool
                        The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
```
─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮ │ │ │ /home/firmy/.local/bin/cve-bin-tool:8 in │ │ │ │ 5 from cve_bin_tool.cli import main │ │ 6 if __name__ == '__main__': │...
```
This thread is just to discuss and figure out how we are to move forward while implementing fuzzing in the project.
https://nvd.nist.gov/General/News/changes-to-feeds-and-apis - "late 2022" the API is going to change - "late 2023" the other feeds including our fallback JSON will go away I'm guessing we'll probably get the 3.2...
Currently, CVE-bin-tool outputs errors to the console but mostly generates reports without them. Do we want to uplevel some messages to be part of the report? I'm not sure what...
From an email: > We generate CVE reports based on previously prepared .json file and there are two corner cases that make tracking CVEs difficult. > - When .json file...
We've occasionally seen some errors involving the extraction tests that seem to be sporadic and not occurring on every run. I'm cutting and pasting the log here before I re-run...
Just an idea at this stage, but would it be possible to scan a Makefile and identify components (and their dependencies) to scan for vulnerabilities?
* related #1860 @rhythmrx9 has made some database changes to support multiple data sources. He's got some code for upgrading in the PR above which I think will cover what...