Search CloudPassage Halo API for specific CVEs
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 3 commits ahead of ehoffmann-cp:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

#CloudPassage Check For CVE Example

Version: 1.0
Author: Eric Hoffmann -

Users can use the provided example script to check for the presence of any individual CVE or list of CVEs. It uses the Halo API to get the details of the last scheduled or manually launched SVA scan for all active servers. It then checks for the presence of the provided CVE(s) in the scan findings.

##Requirements and Dependencies

To run, this script requires

  • Ruby installed on the host that runs the script
  • Ruby gems: oauth2, rest-client, json
  • A read-only Halo API key/secret stored in a yaml file
  • The location of the yaml file set as a ENV variable

##List of Files

  • check_for_cves.rb - Ruby script which leverages the Halo API to check for the presence of various CVEs
  • - This ReadMe file
  • LICENSE.txt - License from CloudPassage


  1. Copy a read-only Halo API key/secret from the Halo Portal into a "dot" file ie ~/.halo
  2. Set the location of the api-key file as a ENV variable called HALO_API_KEY_FILE
  3. Execute the script

The format of ~/.halo

  key_id : XXXXXXXX

The additional variable in your ~/.bash_profile

HALO_API_KEY_FILE="/home/<your username>/.halo"

How to excute the script

ruby check_for_cves.rb --cve 'CVE-2010-0624,CVE-2011-4623'
ip-10-123-254-12,, centos,6.5, cpio.x86_64, 2.10-11.el6_3, CVE-2010-0624
ip-10-10-254-13,, centos,6.2, cpio.x86_64, 2.10-11.el6_3, CVE-2010-0624
ip-10-10-254-13,, centos,6.2, rsyslog.x86_64, 4.6.2-12.el6, CVE-2011-4623
Checked 2 servers for CVE-2010-0624,CVE-2011-4623