The following project checks the installed packages of your Debian Linux distribution against known vulnerabilities of the Debian Security Bug Tracker https://security-tracker.debian.org/tracker
The target of this project is to provider the CVE security scanning solution that is lightweight and self-contained. The current standard solution debsescan requires the following packages to be installed in order to run:
- dependency on python runtime
- dependency to exim mail server
We want to provide the same features as the debsescan without dependencies to python or the exim mail server.
- Download latest release for your platform: https://github.com/devmatic-it/debcvescan/releases/latest
- extract archive:
tar xvfz debcvescan_X.Y.Z_linux_amd64.tgz - scan system for vulnerabilities:
debcvescan scan
- Download latest release for your platform: https://github.com/devmatic-it/debcvescan/releases/latest
- extract archive:
dpkg -i debcvescan_X.Y.Z_linux_amd64.deb - scan system for vulnerabilities:
debcvescan scan
- Download and import public GPG key:
wget -qO - https://devmatic-it.github.io/debcvescan/debian/PUBLIC.KEY | sudo apt-key add -- Select sources directory for APT:
cd /etc/apt/sources.list.d`- Create new source file:
sudo echo "deb https://devmatic-it.github.io/debcvescan/debian buster main" > devmatic-it.list- Uodate APT repository:
sudo apt-get update- Install the package:
sudo apt-get install debcvescan-
Execute scanning:
debcvescan scan
-
Scan a specific package for vulnerabilities:
debcvescan pkg cron
-
Get details for a specific vulnerabitities:
debcvescan cve CVE-2019-9704
-
export scan report to JSON:
debcvescan scan --format=json
- Use the search tool before opening a new issue: https://github.com/devmatic-it/debcvescan/issues
- Please provide source code and commit fix if you found a bug.
- Review existing issues and provide feedback or react to them.
- Open your pull request against master: https://github.com/devmatic-it/debcvescan/pulls
- Your pull request should have no more than two commits, if not you should squash them.
- It should pass all tests in the available continuous integrations systems such as TravisCI.
- You should add/modify tests to cover your proposed code changes.
- If your pull request contains a new feature, please document it on the https://github.com/devmatic-it/debcvescan/blob/master/README.md
This work has ben inspired by the following open source projects:
- CoreOS Clair Project (https://github.com/coreos/clair/)
- Debsescan Security Scanner (https://gitlab.com/fweimer/debsecan)
- GoRleaser Builder Image (https://github.com/goreleaser/goreleaser)
- Building a basic CI/CD pipeline for a Golang application using GitHub Actions (https://dev.to/brpaz/building-a-basic-ci-cd-pipeline-for-a-golang-application-using-github-actions-icj)