Ability to provide a file of asset CPEs to scan

Open jonathangull opened this issue 2 years ago • 4 comments

Hi, I would like to supply a file with a list of assets (hardware, operating system, application) to dep-scan as input to scan for vulnerabilities and get matching vulns from NIST.

a@MacBook-Air bin % cat assets.txt
cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.6(1.22)t:*:*:*:*:*:*:*

Is this possible?

jonathangull, Feb 27 '23 12:02

@jonathangull dep-scan already has the list of CPEs via the database. It can accept a CycloneDX BOM file, which is more precise than CPE strings. Could you describe your requirement a bit further?

prabhu, Feb 27 '23 15:02

Thanks @prabhu. My requirement is as follows:

We have different types of assets: servers (Windows/Linux), network devices, cloud infrastructure, etc. We need to scan this infra and the NIST DB to find vulnerabilities for assets and plot a dashboard.

Just thinking if Depscan can help achieve the part of getting the asset->vuln in DB from which we can plot the graph.

jonathangull, Feb 28 '23 07:02

@prabhu any suggestions?

jonathangull, Mar 06 '23 05:03

@jonathangull Could you share an example? This is currently not possible with depscan or vulnerability db, so no promises from my end.

prabhu, Mar 06 '23 05:03