This package fetches known vulnerabilities of the third-party components used in a project from the NVD site.
Using get-techstack-vulnerabilities takes almost no time! Simply install it via the pip command:

```
pip install scantechstackvulns
```

From here you can import it into your source file by calling:

```python
from scantechstackvulns import TechStack
```
It takes a list of third-party components with versions as input and generates an Excel file of the known vulnerabilities for that list of components.
The package is used as follows:

```python
from scantechstackvulns import TechStack

technology_stack = [
    "postgresql 11.11",                 # |
    "spring framework vmware 4.3.25",   # |
    "spring framework pivotal 4.3.25",  # |----- sample data
    "apache tomcat 9.0.58",             # |
    "oracle jdk 1.8.0 update 252",      # |
]
output_file = "directory/file_name.xlsx"

# Look up known vulnerabilities for each component and write them to the xlsx file
TechStack.scan(technology_stack, output_file)
```

- Each technology stack entry must contain the exact version
- As of now, only the xlsx extension is supported for the output file
- Here is the sample xlsx file to verify
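
A pre-flight check for the two constraints above, as an added example that is not part of the package. The function name `preflight` and the definition of an "exact version" (a dotted numeric token such as `11.11`, with no wildcard or range) are assumptions of this example, and the rejected entries are constructed.

```python
import re
from pathlib import Path

# Assumption: an "exact version" is a dotted numeric token with at least
# major.minor (11.11, 1.8.0). Wildcards, ranges and "latest" are rejected.
EXACT_VERSION = re.compile(r"^\d+(\.\d+)+$")
INEXACT_MARKER = re.compile(r"[*<>=~^]|^\d+(\.\d+)*\.x$|^latest$", re.IGNORECASE)


def preflight(technology_stack, output_file):
    """Return a list of problems; an empty list means the input looks usable."""
    problems = []
    if Path(output_file).suffix.lower() != ".xlsx":
        problems.append(f"output file {output_file!r} must end in .xlsx")
    for entry in technology_stack:
        tokens = entry.split()
        if any(INEXACT_MARKER.search(t) for t in tokens):
            problems.append(f"{entry!r}: wildcard or range, not an exact version")
        # The version must follow at least one name token, hence tokens[1:].
        elif not any(EXACT_VERSION.match(t) for t in tokens[1:]):
            problems.append(f"{entry!r}: no exact version found")
    return problems


# Sample data from the usage example above.
PAGE_SAMPLE = [
    "postgresql 11.11",
    "spring framework vmware 4.3.25",
    "spring framework pivotal 4.3.25",
    "apache tomcat 9.0.58",
    "oracle jdk 1.8.0 update 252",
]
# Constructed entries that would give incomplete or misleading scan results.
CONSTRUCTED_BAD = ["apache tomcat 9.x", "postgresql", "spring framework vmware >=4.3"]

if __name__ == "__main__":
    for problem in preflight(PAGE_SAMPLE + CONSTRUCTED_BAD, "report.csv"):
        print("REJECT", problem)
```

Running the check before `TechStack.scan` keeps an entry without a usable version from being mistaken for a component that has no known vulnerabilities.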
This repository is licensed under the MIT license. See LICENSE for details.