• This repository has been archived on 07/Jan/2023
  • Stars: 205
  • Rank 191,227 (Top 4 %)
  • Language: C
  • License: GNU General Publi...
  • Created over 9 years ago
  • Updated over 5 years ago

Repository Details

Original Automated CVE Checking Tool

cve-check-tool

cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vulnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implementation) if a vulnerability has been addressed by way of a patch.

CVEs are only ever potential - due to the various policies of various distributions, and indeed semantics in versioning within various projects, it is expected that the tool may generate false positives.
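To show the version matching and patch check described above, and why a hit is only ever potential, here is an added Python example (not cve-check-tool's own code). The cache contents, the placeholder CVE identifiers, and the convention of reading fixed CVE ids from patch file names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Package:
    name: str
    version: str
    patches: list = field(default_factory=list)  # patch files shipped with the source package

# Constructed stand-in for a locally cached NVD: CVE id -> (product, affected versions).
# The CVE ids are placeholders, not real entries.
NVD_CACHE = {
    "CVE-0000-0001": ("readline", {"6.2", "6.3"}),
    "CVE-0000-0002": ("readline", {"6.3"}),
    "CVE-0000-0003": ("zlib", {"1.2.8"}),
}

CVE_IN_NAME = re.compile(r"cve-\d{4}-\d{4,}", re.IGNORECASE)

def patched_ids(pkg):
    """CVE ids the distribution marks as fixed (assumption: named in patch file names)."""
    found = set()
    for patch in pkg.patches:
        match = CVE_IN_NAME.search(patch)
        if match:
            found.add(match.group(0).upper())
    return found

def check(pkg, cache=NVD_CACHE):
    """Return (unpatched, patched) potential CVE ids for pkg by exact version match."""
    hits = sorted(cve for cve, (product, versions) in cache.items()
                  if product == pkg.name and pkg.version in versions)
    fixed = patched_ids(pkg)
    unpatched = [cve for cve in hits if cve not in fixed]
    patched = [cve for cve in hits if cve in fixed]
    return unpatched, patched

if __name__ == "__main__":
    # fix-overflow.patch may well backport the fix for CVE-0000-0002, but nothing
    # in its name says so, so the matcher still reports it: a false positive.
    readline = Package("readline", "6.3", ["CVE-0000-0001.patch", "fix-overflow.patch"])
    for pkg in (readline, Package("zlib", "1.2.8"), Package("readline", "7.0")):
        print(pkg.name, pkg.version, check(pkg))
```
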

The tool is designed to integrate with a locally cached copy of the National Vulnerability Database, which should be updated every 3-4 hours. Correctly integrated within the workflow of a distribution, and indeed with the correct bug report tool, this yields a minimum 4-hour turnaround on all disclosed (non-embargoed) CVEs.

Data Usage

cve-check-tool downloads the NVD in its entirety, from 2002 until the current moment. The decompressed XML database is in excess of 550MB, so this should be taken into account before running the tool. From then on, only the changed database segments are fetched. It is therefore advisable to run cve-check-tool on a machine that has sufficient disk space and an adequate internet connection.

On a fairly modern machine, it should only take around 10 seconds to consume the databases. Note however that when the tool runs, it will use a lot of resources to ensure it is fast (it needs to go through over 7 million lines of XML, for one.)

CLI usage:

Most common usage, automatically determine package type and scan for the packages in the given package list file:

cve-check-tool ../packages

Recurse a directory structure, with the predetermined type of eopkg:

cve-check-tool -t eopkg .

Check a single RPM source package, ignoring patched issues:

cve-check-tool -n readline.spec

Flags can be combined, check -h for details. An example to recurse all directories, finding .spec RPM files, and ignoring patched issues:

cve-check-tool -n -t rpm .

License

cve-check-tool is available under the terms of the GNU General Public License, Version 2. Please check the LICENSE file for further details.

Copyright (C) 2015 Intel Corporation
