Skip to content
Scan products in your stack for known vulnerabilities
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.dependencies.txt.example
.gitignore
Dockerfile
LICENSE
README.md
config.yml
cveparser.py
posters.py
query.py
requirements.txt
run.py

README.md

CVEStack

Example message
An example message

Scans feeds for various elements within the stack, then posts to various sources. Currently syslog, RSS, and slack are supported.. Supports a pip-style format. For instance, this file:

linux
wordpress

Will post to output(s) for any new (or recently updated) CVEs matching linux or wordpress. You can use __ to determine left or right padding on a per-pattern basis. For instance, __py would match ' testpy', but not 'testpy '. Similarly, py__ would match 'testpy ', but not ' testpy'. You can also specify required combinations of keywords. For instance, linux & kernel will require that an entry contains both linux and kernel.

You can also set required keywords to be negative. For instance, this line will match entries for 'sql', but not if they also contain 'server': sql & -server

If you prefer blacklisting to whitelisting, you can enable that in the config by switching dependencies_are_ignored to true. This will ignore all feed entries matching an item in your dependencies file.

The example config pulls from nvd and seclists. It posts to a syslog at /dev/log by default.

You can’t perform that action at this time.