Discover CVEs for software.
- Use case 1) as a Funtoo Linux user I want to have awareness about CVEs on my system
- Use case 2) as a user I want to list CVEs for a given package
- Use case 3) as a Gentoo Linux user I want to have awareness about CVEs on my system
- Use case 4) as a Funtoo Linux maintainer I want to scan all packages in kit for CVEs
- Use case 5) as a Funtoo Linux maintainer I want to scan all meta-repo for CVEs
- Use case 6) as a Funtoo Linux user I want to list bug tracker security vulnerability tickets that are not fixed
- Use case 7) as a Funtoo Linux user I want to know if there is already a ticket for CVE detected by
For better user experience consider using API keys:
More details in COOKBOOK.md
vulner scan doesn't guarantee that every CVE present on your system will be
detected. It tries to map packages installed by Portage to a set of known
NVD CPEs, and some packages may not be tagged successfully.
For more info about false negatives and false positives, check docs/CAVEATS.md.
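To picture why a package can end up untagged, here is a simplified sketch of a package-to-CPE mapping. It is an added example, not vulner's own code or algorithm: it assumes a package is tagged only when its Portage name and version equal a CPE's product and version fields. `parse_atom`, `match_cpe` and the sample dictionary are hypothetical names and constructed data.

```rust
// Added illustration: simplified Portage atom -> CPE matching (assumed heuristic).

/// Split "category/name-version[-rN]" into (name, version), dropping the revision.
fn parse_atom(atom: &str) -> Option<(String, String)> {
    let pv = atom.split('/').nth(1)?;
    // A trailing "-rN" is a Portage revision and has no counterpart in a CPE version.
    let pv = match pv.rfind("-r") {
        Some(i) if pv.len() > i + 2 && pv[i + 2..].chars().all(|c| c.is_ascii_digit()) => &pv[..i],
        _ => pv,
    };
    // The version starts after the last '-' that is followed by a digit.
    let idx = pv.char_indices().rev().find(|&(i, c)| {
        c == '-' && pv[i + 1..].starts_with(|d: char| d.is_ascii_digit())
    })?.0;
    Some((pv[..idx].to_lowercase(), pv[idx + 1..].to_string()))
}

/// Return the dictionary CPE whose product and version equal the package's, if any.
/// Portage does not record the CPE vendor, so the vendor field is ignored here;
/// that is one way two unrelated products with the same name become a false positive.
fn match_cpe<'a>(atom: &str, dict: &[&'a str]) -> Option<&'a str> {
    let (name, version) = parse_atom(atom)?;
    dict.iter().copied().find(|cpe| {
        // CPE 2.3 fields: cpe:2.3:part:vendor:product:version:...
        let f: Vec<&str> = cpe.split(':').collect();
        f.len() > 5 && f[4] == name && f[5] == version
    })
}

// Constructed sample standing in for an NVD CPE dictionary.
const SAMPLE_CPES: [&str; 2] = [
    "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*",
    "cpe:2.3:a:tukaani:xz:5.2.5:*:*:*:*:*:*:*",
];

fn main() {
    // Constructed package atoms: the second one is named "xz-utils" in Portage
    // but "xz" in the CPE, so exact name matching leaves it untagged.
    for atom in ["dev-libs/openssl-1.1.1k-r1", "app-arch/xz-utils-5.2.5"] {
        match match_cpe(atom, &SAMPLE_CPES) {
            Some(cpe) => println!("{} -> {}", atom, cpe),
            None => println!("{} -> untagged (possible false negative)", atom),
        }
    }
}
```

An untagged package is never checked against CVE data at all, so it appears clean in the results even when a matching CPE with known CVEs exists under a different name.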
Check out docs/COOKBOOK.md
CVEs, CPEs, WTFs
Howto build and install
... or you can use
./scripts/check-runtime-deps.sh
vulner --help
RUST_LOG=debug vulner sync
RUST_LOG=info vulner scan -o ~/vulner/scan-results
Why does vulner need Python at runtime?
For the reasons described in the 0001-runtime-python-dependencies.md ADR.