Add python vapm scanner#70

Merged: cseileropswat merged 2 commits into main from add-python-vapm-scanner on Jun 29, 2026

@cseileropswat

Contributor

Updated the map routine to discover more with CA

cseileropswat and others added 2 commits June 26, 2026 18:01
…ogic (v5)

Replace the downward closure-expansion of missing KBs with the endpoint
engine's calcAffectedCvesList approach: affected = direct CVEs of missing KBs
minus CVEs of the older superseded KBs minus CVEs covered by installed KBs +
chain. The old expansion accreted the whole historical CVE tail (every
cumulative newer than the machine's build leaked in); subtracting superseded
history instead fixes the over-reporting (e.g. customer 24H2 build 26100.6584:
662 -> 110). Adds forward supersedence (cumulative_kbs / appendMissingCumulKB)
so a stale reported KB still surfaces the latest cumulative's CVEs. Retains the
data-quality warnings; load_kb_info_for_os now also returns cumulative_kbs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

…ent CVEs)

Centralized OS CVE mapping (detect_windows_cves) seeded its missing set only
from the agent's GetMissingPatches, which reports just the latest offered
cumulative. On machines several cumulatives behind, the intervening monthly
cumulatives never entered the missing set, so their CVEs were dropped.

Add get_missing_kbs_from_later_builds (port of the endpoint engine's
getMissingKBFromBuildHistory): seed missing KBs from every kb_base build newer
than the running build, the symmetric counterpart to the earlier-builds
(installed) seeding, and expand those build-history KBs in the superseded
subtraction so the net set stays correct.

Validated against a real customer endpoint result set: recovers the full
build-applicable OS CVE set (Win10 19044 build .1288: 2235 -> 2693, matching
the live endpoint scan 100%) with per-month KB attribution, and is unchanged
on the Win11 24H2 case. Third-party detection is unaffected.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cseileropswat cseileropswat merged commit c0b0c0e into main Jun 29, 2026
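
The set arithmetic the two commit messages describe, as an added example that is not code from this pull request: affected CVEs are the direct CVEs of missing KBs, minus CVEs of superseded history, minus CVEs covered by installed KBs and their chains, with the missing set optionally seeded from builds newer than the running one. The catalogue layout, the function names and the rule that a superseded KB is subtracted only when it is not itself missing are assumptions, and the KB and CVE ids are constructed.

```python
# Added illustration; not the scanner's code. All ids below are constructed.
# Assumption: a cumulative KB lists its own CVEs plus some carried over from
# the KB it supersedes, and "rev" is the build revision the KB installs.
KB_INFO = {
    "KB-A": {"rev": 100, "supersedes": [], "cves": {"CVE-0000-0001"}},
    "KB-B": {"rev": 200, "supersedes": ["KB-A"],
             "cves": {"CVE-0000-0001", "CVE-0000-0002"}},
    "KB-C": {"rev": 300, "supersedes": ["KB-B"],
             "cves": {"CVE-0000-0002", "CVE-0000-0003"}},
    "KB-D": {"rev": 400, "supersedes": ["KB-C"],
             "cves": {"CVE-0000-0003", "CVE-0000-0004"}},
}

def chain(kb, kb_info):
    """KBs transitively superseded by kb (its older history), excluding kb."""
    seen, stack = set(), list(kb_info[kb]["supersedes"])
    while stack:
        cur = stack.pop()
        if cur in kb_info and cur not in seen:
            seen.add(cur)
            stack.extend(kb_info[cur]["supersedes"])
    return seen

def cves_of(kbs, kb_info):
    """Union of the CVEs listed for each KB in kbs."""
    return set().union(*(kb_info[k]["cves"] for k in kbs))

def affected_cves(running_rev, agent_missing, kb_info, seed_later_builds=True):
    # Installed seeding: every KB at or below the running build counts as applied.
    installed = {k for k, v in kb_info.items() if v["rev"] <= running_rev}
    missing = set(agent_missing) - installed
    if seed_later_builds:
        # Later-builds seeding: every KB for a build newer than the running one.
        missing |= {k for k, v in kb_info.items() if v["rev"] > running_rev}
    # Superseded history: older KBs reachable from a missing KB, unless that
    # older KB is itself missing (assumed rule, see the note above).
    superseded = set().union(*(chain(k, kb_info) for k in missing)) - missing
    covered = installed | set().union(*(chain(k, kb_info) for k in installed))
    return (cves_of(missing, kb_info)
            - cves_of(superseded, kb_info)
            - cves_of(covered, kb_info))

if __name__ == "__main__":
    # Machine at rev 200; the agent reports only the latest cumulative, KB-D.
    print(sorted(affected_cves(200, {"KB-D"}, KB_INFO, seed_later_builds=False)))
    print(sorted(affected_cves(200, {"KB-D"}, KB_INFO, seed_later_builds=True)))
```

With only the agent-reported KB in the missing set, the CVE first fixed by the intervening cumulative KB-C is subtracted as superseded history; seeding from later builds keeps it.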