cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
* related to #1539 Now that we're starting to get type hints in more files, I'd like to have CI give us feedback on type hints. This can be allowed...
New checker request: **rsync** **Source code**: Please add links in the comments so this issue can be updated **CVE data**: Please add links in the comments so this issue can...
While going through #1526 I was thinking about how this could lead to support for multiple parsers, but as the current structure stands, it is a bit too random (not...
New checker request: Apache http (In "celebration" of https://ubuntu.com/security/CVE-2021-41773 ) Website: https://httpd.apache.org/ CVEs: * Just the 2.4 ones (others on separate pages) https://httpd.apache.org/security/vulnerabilities_24.html * https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/Apache-Http-Server.html Instructions: [How to add a...
As we talked on #1122, we need to add a pure Python cab extractor, as not all systems will come with it. On an initial look, [cabarchive](https://pypi.org/project/cabarchive/) seems good. This...
* related #1552 @Molkree discovered an interesting issue while improving our CI files: > Alright, it didn't take long, looks like my first guess was the correct one. > >...
Possible GSoC idea: get test coverage to 95% (stretch goal, 100%) * related: #1462 * related: #1379 We're currently hovering around 80% coverage according to codecov: https://codecov.io/gh/intel/cve-bin-tool Codecov lets you...
* related: #1379 * related: #1462 CVE Binary Tool was originally intended to work with compiled languages and binary files, but we've expanded to do known component lists in a...
There's an official SPDX parser that might yield more robust parsing if we need it: https://github.com/spdx/tools-python This was feedback from someone on our licensing team who got interested in the...
What do you think about using the Open Source Security Foundation's Scorecards ([repo](https://github.com/ossf/scorecard))? They check quite a long list of things, including branch protection rules, fuzzing, pinned dependencies, signed releases, etc...