
Add python vapm scanner #65

Merged: cseileropswat merged 3 commits into main from add-python-vapm-scanner, Jun 19, 2026
@cseileropswat (Contributor):

No description provided.

cseileropswat and others added 3 commits June 19, 2026 09:38
get_cves_for_kb now merges kb_cves (kb_info.json, numeric ids normalized to
CVE-YYYY-NNNNN) with vuln_system_associations, deduplicated. Verified against
MSRC for the missing KBs: this raises Windows OS coverage to full parity
(0 missing vs MSRC's authoritative list) where the vuln_system_associations-
only path under-reported by ~60 cumulative-supersedence CVEs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

New diagnostic (online, opt-in) that cross-checks each reported OS CVE against
NVD CPE data and flags any the offline catalog associates with this OS that NVD
does not list for the OS family/release -- catching catalog os_id over-
associations (e.g. CVE-2020-17103, a Windows 10/Server CVE wrongly mapped to the
Windows 11 24H2 KB chain). Caches responses, honors NVD_API_KEY, supports
--cves/--limit/--strict. The mapper itself stays fully offline.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

The NVD-CPE sanity check is an online diagnostic, not part of the offline
assessment, so keep it out of the repo like scan-all-workflows.py.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cseileropswat cseileropswat merged commit cecb8a2 into main Jun 19, 2026
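
The second commit message describes cross-checking catalog-reported CVEs against NVD CPE data. The sketch below is an added, offline illustration of that kind of check, not code from this pull request or repository. All function names, the outcome labels, the placeholder CVE ids and the CPE lists are assumptions constructed for the example.

```python
# Added example: offline sketch of a catalog-vs-NVD CPE cross-check.
# Every CPE list below is constructed sample data, not a real NVD response.

def os_products(cpe_uris):
    """Return the (vendor, product) pairs of operating-system CPE 2.3 names."""
    pairs = set()
    for uri in cpe_uris:
        fields = uri.split(":")
        # Layout: cpe:2.3:<part>:<vendor>:<product>:...  (part "o" = OS)
        if len(fields) >= 5 and fields[:2] == ["cpe", "2.3"] and fields[2] == "o":
            pairs.add((fields[3], fields[4]))
    return pairs

def classify(cve, nvd_cpes, vendor, family, release):
    """Classify one catalog-reported CVE against cached CPE data."""
    if cve not in nvd_cpes:
        return "no_data"          # nothing cached: cannot confirm or refute
    products = {p for v, p in os_products(nvd_cpes[cve]) if v == vendor}
    if release in products:
        return "confirmed"
    if any(p == family or p.startswith(family + "_") for p in products):
        return "family_only"      # same OS family, different release
    return "over_associated"      # no CPE for this OS family at all

def cross_check(catalog_cves, nvd_cpes, vendor, family, release):
    """Map each outcome to the sorted CVE ids that produced it."""
    report = {}
    for cve in sorted(set(catalog_cves)):
        outcome = classify(cve, nvd_cpes, vendor, family, release)
        report.setdefault(outcome, []).append(cve)
    return report

# Constructed cache; CVE-0000-* ids are placeholders, not real CVEs.
SAMPLE_NVD_CPES = {
    "CVE-2020-17103": ["cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
                       "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*"],
    "CVE-0000-00001": ["cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*"],
    "CVE-0000-00002": ["cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*"],
}
CATALOG_CVES = ["CVE-2020-17103", "CVE-0000-00001", "CVE-0000-00002",
                "CVE-0000-00003", "CVE-0000-00001"]  # duplicate on purpose
REPORT = cross_check(CATALOG_CVES, SAMPLE_NVD_CPES,
                     "microsoft", "windows_11", "windows_11_24h2")

if __name__ == "__main__":
    for outcome, cves in sorted(REPORT.items()):
        print(f"{outcome}: {', '.join(cves)}")
```

Keeping `no_data` separate from `over_associated` means a cache miss or rate-limited lookup is never reported as a catalog error.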