vul-db

Overview

vul-db is a CLI tool and a library to manipulate Vul DB.

Library

Vul uses vul-db internally to manipulate vulnerability DB. This DB has vulnerability information from NVD, Red Hat, Debian, etc.

CLI

The vul-db CLI tool builds vulnerability DBs. A GitHub Actions workflow periodically builds a fresh version of the vulnerability DB using vul-db and uploads it to the GitHub Container Registry (see Download the vulnerability database below).

NAME:
   vul-db - Vul DB builder

USAGE:
   main [global options] command [command options] image_name

VERSION:
   0.0.1

COMMANDS:
     build    build a database file
     help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Building the DB

You can utilize make db-all to build the database, the DB artifact is outputted to the assets folder.

Alternatively Docker is supported, you can run docker build . -t vul-db.

If you want to build a vul integration test DB, please run make create-test-db

Update interval

Every 6 hours

Download the vulnerability database

version 1 (deprecated)

Vul DB v1 reached the end of support on February 2023. Please upgrade Vul to v0.23.0 or later.

Read more about the Vul DB v1 deprecation in the discussion.

version 2

Vul DB v2 is hosted on GHCR. Although GitHub displays the docker pull command by default, please note that it cannot be downloaded using docker pull as it is not a container image.

You can download the actual compiled database via Vul or Oras CLI.

Vul:

VUL_TEMP_DIR=$(mktemp -d)
vul --cache-dir $VUL_TEMP_DIR image --download-db-only
tar -cf ./db.tar.gz -C $VUL_TEMP_DIR/db metadata.json vul.db
rm -rf $VUL_TEMP_DIR

oras >= v0.13.0:

$ oras pull ghcr.io/khulnasoft-lab/vul-db:2

oras < v0.13.0:

$ oras pull -a ghcr.io/khulnasoft-lab/vul-db:2

The database can be used for Air-Gapped Environment.