You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently use external repos for packages such as salt to use versions that are suitable for our environment. Vuls is currently reporting the latest version within debian, and therefore the CVEs and vulnerabilities related to it are not accurate for our environment. We have to manually go through and check the vulnerabilities associated with these external repo packages.
For example: We are currently using salt-minion version 3003.1+ds-1 on Debian 9.
However in VulsRepo it is showing incorrect vulnerabilities in relation to the version we're using, as it's picking up the latest version from debian security tracker which is 3002.6:
Is it possible to implement a feature that allows for version detection through external repos? In short, we would like to check for vulnerabilities within salt but we're not using the debian repo.
Look forward to your response.
The text was updated successfully, but these errors were encountered:
The vulnerability DB of the External repo is not public, so I think it is difficult.
If you know the URL of the vulnerability DB of external repo, please let me know.
Hi there,
We currently use external repos for packages such as salt to use versions that are suitable for our environment. Vuls is currently reporting the latest version within debian, and therefore the CVEs and vulnerabilities related to it are not accurate for our environment. We have to manually go through and check the vulnerabilities associated with these external repo packages.
For example: We are currently using salt-minion version 3003.1+ds-1 on Debian 9.
However in VulsRepo it is showing incorrect vulnerabilities in relation to the version we're using, as it's picking up the latest version from debian security tracker which is 3002.6:
Is it possible to implement a feature that allows for version detection through external repos? In short, we would like to check for vulnerabilities within salt but we're not using the debian repo.
Look forward to your response.
The text was updated successfully, but these errors were encountered: