| author | Andrii Bordunov via Openembedded-core <openembedded-core@lists.openembedded.org> | 2018-10-10 19:25:09 +0300 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2019-05-26 21:58:33 -0700 |
| commit | fbc9b4607569520c92baf1352041c813606e8524 (patch) | |
| tree | 29f2cdf5ecc2e7bfdef32d2d7723516ce5ce2d06 /scripts/cvert-kernel | |
| parent | de00a8fd41b576d6b2afc4d457ed6f3f6eeb273a (diff) | |
| download | meta-security-fbc9b4607569520c92baf1352041c813606e8524.tar.gz | |
cve-report: add scripts to generate CVE reports
cvert-foss - generate CVE report for the list of packages.
Analyze the whole image manifest to align with the complex
CPE configurations.
cvert-update - update NVD feeds and store CVE structures dump.
CVE dump is a pickled representation of the cve_struct dictionary.
cvert.py - python library used by cvert-* scripts.
NVD JSON Vulnerability Feeds https://nvd.nist.gov/vuln/data-feeds#JSON_FEED
Usage examples:
o Download CVE feeds to "nvdfeed" directory
% cvert-update nvdfeed
o Update CVE feeds and store a dump in a file
% cvert-update --store cvedump nvdfeed
o Generate a CVE report
% cvert-foss --feed-dir nvdfeed --output report-foss.txt cve-manifest
o (faster) Use dump file to generate a CVE report
% cvert-foss --restore cvedump --output report-foss.txt cve-manifest
o Generate a full report
% cvert-foss --restore cvedump --show-description --show-reference \
--output report-foss-full.txt cve-manifest
Manifest example:
bash,4.2,CVE-2014-7187
python,2.7.35,
python,3.5.5,CVE-2017-17522 CVE-2018-1061
Report example:
patched | 7.5 | CVE-2018-1061 | python | 3.5.5
patched | 10.0 | CVE-2014-7187 | bash | 4.2
patched | 8.8 | CVE-2017-17522 | python | 3.5.5
unpatched | 10.0 | CVE-2014-6271 | bash | 4.2
unpatched | 10.0 | CVE-2014-6277 | bash | 4.2
unpatched | 10.0 | CVE-2014-6278 | bash | 4.2
unpatched | 10.0 | CVE-2014-7169 | bash | 4.2
unpatched | 10.0 | CVE-2014-7186 | bash | 4.2
unpatched | 4.6 | CVE-2012-3410 | bash | 4.2
unpatched | 8.4 | CVE-2016-7543 | bash | 4.2
unpatched | 5.0 | CVE-2010-3492 | python | 2.7.35
unpatched | 5.3 | CVE-2016-1494 | python | 2.7.35
unpatched | 6.5 | CVE-2017-18207 | python | 3.5.5
unpatched | 6.5 | CVE-2017-18207 | python | 2.7.35
unpatched | 7.1 | CVE-2013-7338 | python | 2.7.35
unpatched | 7.5 | CVE-2018-1060 | python | 3.5.5
unpatched | 8.8 | CVE-2017-17522 | python | 2.7.35
Signed-off-by: grygorii tertychnyi <gtertych@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'scripts/cvert-kernel')
0 files changed, 0 insertions, 0 deletions
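The manifest and report formats shown in the commit message, worked through as an added example; this is not code from cvert.py or the cvert-* scripts. It assumes an exact (product, version) lookup against a small constructed feed whose CVE ids and scores are copied from the report example, whereas the real scripts match against NVD CPE configurations; the function names and the sort order are choices made for this example.

```python
# Added illustration; not code from cvert.py or the cvert-* scripts.
import csv
import io

# Constructed stand-in for NVD feed matches: (product, version) -> {CVE id: score}.
# Ids and scores are copied from the report example in the commit message.
SAMPLE_FEED = {
    ("bash", "4.2"): {"CVE-2014-7187": 10.0, "CVE-2014-6271": 10.0, "CVE-2012-3410": 4.6},
    ("python", "3.5.5"): {"CVE-2018-1061": 7.5, "CVE-2017-17522": 8.8, "CVE-2018-1060": 7.5},
    ("python", "2.7.35"): {"CVE-2017-17522": 8.8, "CVE-2010-3492": 5.0},
}

# The manifest example from the commit message: product,version,patched CVE ids.
MANIFEST = """\
bash,4.2,CVE-2014-7187
python,2.7.35,
python,3.5.5,CVE-2017-17522 CVE-2018-1061
"""

def parse_manifest(text):
    """Yield (product, version, patched_ids) for each manifest line."""
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # blank line
        if len(row) != 3:
            raise ValueError(f"line {lineno}: expected 3 comma-separated fields")
        product, version, patched = (field.strip() for field in row)
        # The third field is a whitespace-separated CVE list and may be empty.
        yield product, version, set(patched.split())

def build_report(manifest_text, feed):
    """Return rows (status, score, cve, product, version), one per CVE per package."""
    rows = []
    for product, version, patched in parse_manifest(manifest_text):
        for cve, score in feed.get((product, version), {}).items():
            # Patch status is decided per manifest line, not per CVE id.
            status = "patched" if cve in patched else "unpatched"
            rows.append((status, score, cve, product, version))
    # Example-only ordering: status, then CVE id, then version.
    return sorted(rows, key=lambda r: (r[0], r[2], r[4]))

def format_report(rows):
    """Render rows in the 'status | score | CVE | product | version' layout."""
    return "\n".join(" | ".join(str(col) for col in row) for row in rows)

if __name__ == "__main__":
    print(format_report(build_report(MANIFEST, SAMPLE_FEED)))
```

CVE-2017-17522 comes out as patched for python 3.5.5 and unpatched for python 2.7.35, as in the report example, because only the 3.5.5 manifest line lists it.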
