
Add Vulntotal CLI #801

Merged
merged 0 commits into from Nov 19, 2022

Conversation

keshav-space (Member) commented Jul 19, 2022

python vulntotal/vulntotal_cli.py --help

Usage: vulntotal_cli.py [OPTIONS] [PURL]

  Runs the PURL through all the available  DataSources and group vulnerability
  by CVEs. Use the special '-' file name to print JSON or YAML results on
  screen/stdout.

Options:
  -l, --list   Lists all the available DataSources.
  --json FILE  Write output as pretty-printed JSON to FILE.
  --yaml FILE  Write output as YAML to FILE.
  -h, --help   Show this message and exit.


Along with some advanced hidden options, especially useful for debugging and development:
Options:
  -e, --enable                    Enable these datasource/s only.
  -d, --disable                   Disable these datasource/s.
  --ecosystem                     Lists ecosystem supported by active DataSources
  --raw                           List of all the raw response from DataSources.
  --no-threading                  Run DataSources sequentially.
  -p, --pagination                Enable default pagination.
  --no-group                      Don't group by CVE.

@keshav-space keshav-space added the VulnTotal Tool for cross-validating vulnerability label Jul 19, 2022
@keshav-space keshav-space added this to In progress in VulnTotal Jul 19, 2022
@keshav-space keshav-space self-assigned this Jul 19, 2022
@keshav-space keshav-space force-pushed the vulntotal_cli branch 2 times, most recently from daa8a1c to d6b3998 on July 19, 2022 23:32
keshav-space (Member, Author) commented Jul 19, 2022

python vulntotal/vulntotal_cli.py 'pkg:pypi/jinja2@2.4.1'
PURL: pkg:pypi/jinja2@2.4.1
Active DataSources: DEPS, GITHUB, GITLAB, OSS, OSV, SNYK, VULNERABLECODE

+----------------+----------------+----------------+----------------+---------------+
|      CVE       |   DATASOURCE   |    ALIASES     |    AFFECTED    |     FIXED     |
+================+================+================+================+===============+
| CVE-2020-28493 | SNYK           | CVE-2020-28493 | (,2.11.3)      | 2.11.3        |
|                |                | SNYK-PYTHON-   |                |               |
|                |                | JINJA2-1012994 |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | VULNERABLECODE | CVE-2020-28493 | 2.10.1-3       | 1.11.3-r0     |
|                |                | GHSA-g3rq-g295 | 2.10.3-6       | 1.11.3-r0     |
|                |                | -4j3m          | 2.7.0-12       | 1.11.3-r0     |
|                |                |                | 2.7.18-3       | 1.11.3-r0     |
|                |                |                | 2.8-5  4.4.1-7 | 1.11.3-r0     |
|                |                |                | 0.9.6-10       | 1.11.3-r0     |
|                |                |                | 1.5-5          | 1.11.3-r0     |
|                |                |                | 19.3.1-2       | 1.11.3-r0     |
|                |                |                | 2.6-16         | 1.11.3-r0     |
|                |                |                | 1.25.7-7       | 1.11.3-r0     |
|                |                |                | 3.8.11-2       | 1.11.3-r0     |
|                |                |                | 2.0rc1  2.0    | 1.11.3-r0     |
|                |                |                | 2.1  2.1.1     | 1.11.3-r0     |
|                |                |                | 2.2  2.2.1     | 1.11.3-r0     |
|                |                |                | 2.3  2.3.1     | 1.11.3-r0     |
|                |                |                | 2.4  2.4.1     | 1.11.3-r0     |
|                |                |                | 2.5  2.5.1     | 1.11.3-r0     |
|                |                |                | 2.5.2  2.5.3   | 1.11.3-r0     |
|                |                |                | 2.5.4  2.5.5   | 1.11.3-r0     |
|                |                |                | 2.6  2.7       | 1.11.3-r0     |
|                |                |                | 2.7.1  2.7.2   | 1.11.3-r0     |
|                |                |                | 2.7.3  2.8     | 1.11.3-r0     |
|                |                |                | 2.8.1  2.9     | 1.11.3-r0     |
|                |                |                | 2.9.1  2.9.2   | 1.11.3-r0     |
|                |                |                | 2.9.3  2.9.4   | 1.11.3-r0     |
|                |                |                | 2.9.5  2.9.6   | 1.11.3-r0     |
|                |                |                | 2.10  2.10.1   | 1.11.3-r0     |
|                |                |                | 2.10.2  2.10.3 | 1.11.3-r0     |
|                |                |                | 2.11.0  2.11.1 | 2.11.3        |
|                |                |                | 2.11.2         |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | DEPS           | CVE-2020-28493 | 2.0.0          | 2.11.3  3.0.0 |
|                |                |                | 2.0.0rc1       | 3.0.0a1       |
|                |                |                | 2.1.0  2.1.1   | 3.0.0rc1      |
|                |                |                | 2.10.0  2.10.1 | 3.0.0rc2      |
|                |                |                | 2.10.2  2.10.3 | 3.0.1  3.0.2  |
|                |                |                | 2.11.0  2.11.1 | 3.0.3  3.1.0  |
|                |                |                | 2.11.2  2.2.0  | 3.1.1  3.1.2  |
|                |                |                | 2.2.1  2.3.0   |               |
|                |                |                | 2.3.1  2.4.0   |               |
|                |                |                | 2.4.1  2.5.0   |               |
|                |                |                | 2.5.1  2.5.2   |               |
|                |                |                | 2.5.3  2.5.4   |               |
|                |                |                | 2.5.5  2.6.0   |               |
|                |                |                | 2.7.0  2.7.1   |               |
|                |                |                | 2.7.2  2.7.3   |               |
|                |                |                | 2.8.0  2.8.1   |               |
|                |                |                | 2.9.0  2.9.1   |               |
|                |                |                | 2.9.2  2.9.3   |               |
|                |                |                | 2.9.4  2.9.5   |               |
|                |                |                | 2.9.6          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | GITHUB         | CVE-2020-28493 | <2.11.3        | 2.11.3        |
|                |                | GHSA-g3rq-g295 |                |               |
|                |                | -4j3m          |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | GITLAB         | CVE-2020-28493 | <2.11.3        | 2.11.3        |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | OSV            | CVE-2020-28493 | 0  2.0  2.0rc1 | 2.11.3        |
|                |                | GHSA-g3rq-g295 | 2.1  2.1.1     |               |
|                |                | -4j3m          | 2.10  2.10.1   |               |
|                |                |                | 2.10.2  2.10.3 |               |
|                |                |                | 2.11.0  2.11.1 |               |
|                |                |                | 2.11.2  2.2    |               |
|                |                |                | 2.2.1  2.3     |               |
|                |                |                | 2.3.1  2.4     |               |
|                |                |                | 2.4.1  2.5     |               |
|                |                |                | 2.5.1  2.5.2   |               |
|                |                |                | 2.5.3  2.5.4   |               |
|                |                |                | 2.5.5  2.6     |               |
|                |                |                | 2.7  2.7.1     |               |
|                |                |                | 2.7.2  2.7.3   |               |
|                |                |                | 2.8  2.8.1     |               |
|                |                |                | 2.9  2.9.1     |               |
|                |                |                | 2.9.2  2.9.3   |               |
|                |                |                | 2.9.4  2.9.5   |               |
|                |                |                | 2.9.6          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | OSV            | CVE-2020-28493 | 0  2.0  2.0rc1 | 2.11.3        |
|                |                | GHSA-g3rq-g295 | 2.1  2.1.1     |               |
|                |                | -4j3m          | 2.10  2.10.1   |               |
|                |                | PYSEC-2021-66  | 2.10.2  2.10.3 |               |
|                |                | SNYK-PYTHON-   | 2.11.0  2.11.1 |               |
|                |                | JINJA2-1012994 | 2.11.2  2.2    |               |
|                |                |                | 2.2.1  2.3     |               |
|                |                |                | 2.3.1  2.4     |               |
|                |                |                | 2.4.1  2.5     |               |
|                |                |                | 2.5.1  2.5.2   |               |
|                |                |                | 2.5.3  2.5.4   |               |
|                |                |                | 2.5.5  2.6     |               |
|                |                |                | 2.7  2.7.1     |               |
|                |                |                | 2.7.2  2.7.3   |               |
|                |                |                | 2.8  2.8.1     |               |
|                |                |                | 2.9  2.9.1     |               |
|                |                |                | 2.9.2  2.9.3   |               |
|                |                |                | 2.9.4  2.9.5   |               |
|                |                |                | 2.9.6          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2020-28493 | OSS            | CVE-2020-28493 |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | SNYK           | CVE-2019-10906 | (,2.10.1)      | 2.10.1        |
|                |                | SNYK-PYTHON-   |                |               |
|                |                | JINJA2-174126  |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | VULNERABLECODE | CVE-2019-10906 | 2.0rc1  2.0    | 2.10.1        |
|                |                | GHSA-462w-v97r | 2.1  2.1.1     |               |
|                |                | -4m45          | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1  2.7.2   |               |
|                |                |                | 2.7.3  2.8     |               |
|                |                |                | 2.8.1  2.9     |               |
|                |                |                | 2.9.1  2.9.2   |               |
|                |                |                | 2.9.3  2.9.4   |               |
|                |                |                | 2.9.5  2.9.6   |               |
|                |                |                | 2.10           |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | GITHUB         | CVE-2019-10906 | <2.10.1        | 2.10.1        |
|                |                | GHSA-462w-v97r |                |               |
|                |                | -4m45          |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | GITLAB         | CVE-2019-10906 | <2.10.1        | 2.10.1        |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | OSV            | CVE-2019-10906 | 0  2.0  2.0rc1 | 2.10.1        |
|                |                | GHSA-462w-v97r | 2.1  2.1.1     |               |
|                |                | -4m45          | 2.10  2.2      |               |
|                |                |                | 2.2.1  2.3     |               |
|                |                |                | 2.3.1  2.4     |               |
|                |                |                | 2.4.1  2.5     |               |
|                |                |                | 2.5.1  2.5.2   |               |
|                |                |                | 2.5.3  2.5.4   |               |
|                |                |                | 2.5.5  2.6     |               |
|                |                |                | 2.7  2.7.1     |               |
|                |                |                | 2.7.2  2.7.3   |               |
|                |                |                | 2.8  2.8.1     |               |
|                |                |                | 2.9  2.9.1     |               |
|                |                |                | 2.9.2  2.9.3   |               |
|                |                |                | 2.9.4  2.9.5   |               |
|                |                |                | 2.9.6          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2019-10906 | OSV            | CVE-2019-10906 | 0  2.0  2.0rc1 | 2.10.1        |
|                |                | GHSA-462w-v97r | 2.1  2.1.1     |               |
|                |                | -4m45          | 2.10  2.2      |               |
|                |                | PYSEC-2019-217 | 2.2.1  2.3     |               |
|                |                |                | 2.3.1  2.4     |               |
|                |                |                | 2.4.1  2.5     |               |
|                |                |                | 2.5.1  2.5.2   |               |
|                |                |                | 2.5.3  2.5.4   |               |
|                |                |                | 2.5.5  2.6     |               |
|                |                |                | 2.7  2.7.1     |               |
|                |                |                | 2.7.2  2.7.3   |               |
|                |                |                | 2.8  2.8.1     |               |
|                |                |                | 2.9  2.9.1     |               |
|                |                |                | 2.9.2  2.9.3   |               |
|                |                |                | 2.9.4  2.9.5   |               |
|                |                |                | 2.9.6          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | SNYK           | CVE-2014-1402  | (,2.7.2)       | 2.7.2         |
|                |                | SNYK-PYTHON-   |                |               |
|                |                | JINJA2-40028   |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | VULNERABLECODE | CVE-2014-1402  | 2.0rc1  2.0    | 2.7.2         |
|                |                | GHSA-8r7q-cvjq | 2.1  2.1.1     |               |
|                |                | -x353          | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | GITHUB         | CVE-2014-1402  | <2.7.2         | 2.7.2         |
|                |                | GHSA-8r7q-cvjq |                |               |
|                |                | -x353          |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | GITLAB         | CVE-2014-1402  | <=2.7.1        | 2.7.2         |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | OSV            | CVE-2014-1402  | 0  2.0  2.0rc1 | 2.7.2         |
|                |                | GHSA-8r7q-cvjq | 2.1  2.1.1     |               |
|                |                | -x353          | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | OSV            | CVE-2014-1402  | 0  2.0  2.0rc1 | 2.7.2         |
|                |                | PYSEC-2014-8   | 2.1  2.1.1     |               |
|                |                |                | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1          |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2014-1402  | OSS            | CVE-2014-1402  |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | VULNERABLECODE | GHSA-          | 2.0rc1  2.0    | 2.8.1         |
|                |                | hj2j-77xm-mc5v | 2.1  2.1.1     |               |
|                |                | CVE-2016-10745 | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1  2.7.2   |               |
|                |                |                | 2.7.3  2.8     |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | GITHUB         | CVE-2016-10745 | <2.8.1         | 2.8.1         |
|                |                | GHSA-          |                |               |
|                |                | hj2j-77xm-mc5v |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | GITLAB         | GHSA-          | <2.8.1         | 2.8.1         |
|                |                | hj2j-77xm-mc5v |                |               |
|                |                | CVE-2016-10745 |                |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | OSV            | CVE-2016-10745 | 0  2.0  2.0rc1 | 2.8.1         |
|                |                | GHSA-          | 2.1  2.1.1     |               |
|                |                | hj2j-77xm-mc5v | 2.2  2.2.1     |               |
|                |                |                | 2.3  2.3.1     |               |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1  2.7.2   |               |
|                |                |                | 2.7.3  2.8     |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | OSV            | CVE-2016-10745 | 0  2.0  2.0rc1 | 9b53045c34e61 |
|                |                | GHSA-          | 2.1  2.1.1     | 013dc8f09b7e5 |
|                |                | hj2j-77xm-mc5v | 2.2  2.2.1     | 2a555fa16bed1 |
|                |                | PYSEC-2019-220 | 2.3  2.3.1     | 6             |
|                |                |                | 2.4  2.4.1     |               |
|                |                |                | 2.5  2.5.1     |               |
|                |                |                | 2.5.2  2.5.3   |               |
|                |                |                | 2.5.4  2.5.5   |               |
|                |                |                | 2.6  2.7       |               |
|                |                |                | 2.7.1  2.7.2   |               |
|                |                |                | 2.7.3  2.8     |               |
+----------------+----------------+----------------+----------------+---------------+
| CVE-2016-10745 | OSS            | CVE-2016-10745 |                |               |
+----------------+----------------+----------------+----------------+---------------+
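
The table above is the cross-validation VulnTotal exists for: each datasource's advisory for one package is filed under the CVE it aliases, and the AFFECTED/FIXED columns can then be compared side by side. Below is an added example (not VulnTotal's own code) of that grouping plus the two checks a reviewer would run over such a table: which active datasources said nothing about a CVE the others reported, and which CVEs have datasources disagreeing on the fixed version (for CVE-2016-10745 the OSV/PYSEC-2019-220 row reports a commit hash where the others report 2.8.1). The record layout (datasource, aliases, affected, fixed) is an assumption and the sample advisories are constructed from the table; the PYSEC-only record is constructed to show an advisory with no CVE alias.

```python
"""Group per-datasource advisories by CVE and cross-check them.

Added example, not VulnTotal's code. The record layout and the sample
advisories below are constructed from the jinja2 table above.
"""
import re
from collections import defaultdict

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
# 7 to 40 lowercase hex chars: a VCS commit, not a release version.
# (A purely numeric release of 7+ digits would be misclassified; acceptable here.)
COMMIT_RE = re.compile(r"^[0-9a-f]{7,40}$")

# The "Active DataSources" line printed above.
ACTIVE_DATASOURCES = ["DEPS", "GITHUB", "GITLAB", "OSS", "OSV", "SNYK", "VULNERABLECODE"]

# Constructed from the table above: datasource, aliases, affected, fixed.
SAMPLE_ADVISORIES = [
    {"datasource": "SNYK", "aliases": ["CVE-2014-1402", "SNYK-PYTHON-JINJA2-40028"],
     "affected": ["(,2.7.2)"], "fixed": ["2.7.2"]},
    {"datasource": "GITHUB", "aliases": ["CVE-2014-1402", "GHSA-8r7q-cvjq-x353"],
     "affected": ["<2.7.2"], "fixed": ["2.7.2"]},
    {"datasource": "GITLAB", "aliases": ["CVE-2014-1402"],
     "affected": ["<=2.7.1"], "fixed": ["2.7.2"]},
    {"datasource": "OSV", "aliases": ["CVE-2014-1402", "PYSEC-2014-8"],
     "affected": ["0", "2.0", "2.0rc1", "2.7.1"], "fixed": ["2.7.2"]},
    # OSS returned the CVE with no version data at all.
    {"datasource": "OSS", "aliases": ["CVE-2014-1402"], "affected": [], "fixed": []},
    # OSV's PYSEC-2019-220 row reports a commit hash where GITHUB reports 2.8.1.
    {"datasource": "OSV", "aliases": ["CVE-2016-10745", "GHSA-hj2j-77xm-mc5v", "PYSEC-2019-220"],
     "affected": ["0", "2.8"], "fixed": ["9b53045c34e61013dc8f09b7e52a555fa16bed16"]},
    {"datasource": "GITHUB", "aliases": ["CVE-2016-10745", "GHSA-hj2j-77xm-mc5v"],
     "affected": ["<2.8.1"], "fixed": ["2.8.1"]},
    # Constructed: an advisory whose aliases carry no CVE id at all.
    {"datasource": "OSV", "aliases": ["PYSEC-2014-8"], "affected": ["2.7.1"], "fixed": ["2.7.2"]},
]


def cve_alias(aliases):
    """Return the first CVE id among the aliases, or None if there is none."""
    for alias in aliases:
        if CVE_RE.match(alias):
            return alias
    return None


def group_by_cve(advisories):
    """Map CVE id -> list of advisory records. Records without any CVE alias
    are kept under the key None rather than silently dropped."""
    grouped = defaultdict(list)
    for adv in advisories:
        grouped[cve_alias(adv["aliases"])].append(adv)
    return dict(grouped)


def looks_like_commit(version):
    """True when a 'fixed' value is a commit hash rather than a release."""
    return bool(COMMIT_RE.match(version))


def fixed_version_disagreements(grouped):
    """CVE -> set of distinct fixed versions, only where datasources disagree.
    Empty 'fixed' lists (OSS above) are ignored: no data is not a disagreement.
    A datasource that lists every fixed release (as DEPS does in the table)
    must first be reduced to its lowest fixed version, e.g. with
    packaging.version, before this comparison is meaningful."""
    out = {}
    for cve, advs in grouped.items():
        if cve is None:
            continue
        fixed = {v for adv in advs for v in adv["fixed"]}
        if len(fixed) > 1:
            out[cve] = fixed
    return out


def missing_datasources(grouped, active=ACTIVE_DATASOURCES):
    """CVE -> sorted active datasources that reported nothing for it."""
    out = {}
    for cve, advs in grouped.items():
        if cve is None:
            continue
        missing = sorted(set(active) - {adv["datasource"] for adv in advs})
        if missing:
            out[cve] = missing
    return out


if __name__ == "__main__":
    grouped = group_by_cve(SAMPLE_ADVISORIES)
    for cve, advs in grouped.items():
        print(cve or "(no CVE alias)", sorted(a["datasource"] for a in advs))
    for cve, versions in fixed_version_disagreements(grouped).items():
        commits = [v for v in versions if looks_like_commit(v)]
        print(cve, "fixed versions disagree:", sorted(versions), "commit hashes:", commits)
    print("not reported by:", missing_datasources(grouped))
```

The None bucket matters in practice: an advisory carrying only a PYSEC or GHSA id would otherwise vanish from a CVE-keyed table, which is exactly the kind of coverage gap the side-by-side view is meant to expose.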

keshav-space (Member, Author) commented Jul 25, 2022

Now the CLI also supports listing the supported ecosystems:

❯ python vulntotal/vulntotal_cli.py --ecosystem
Active DataSources: DEPS, GITHUB, GITLAB, OSS, OSV, SNYK, VULNERABLECODE

Ecosystem supported by active datasources
ALPINE
ANDROID
CARGO
COCOAPODS
COMPOSER
CONAN
CONDA
CRAN
CRATES.IO
DEB
DEBIAN
ERLANG
GEM
GOLANG
HEX
LINUX
MAVEN
NGINX
NPM
NUGET
OPENSSL
OSS-FUZZ
PYPI
RPM
RUBYGEMS
RUST
SWIFT
UNMANAGED

@keshav-space keshav-space moved this from In progress to Review in VulnTotal Jul 25, 2022
@keshav-space keshav-space moved this from Review to In progress in VulnTotal Jul 25, 2022
pombredanne (Member) left a comment

Thanks! LGTM, very nice... Do you mind using click, maybe, rather than argparse? Also, I think there should be only two user-visible options: --purl and --list; all the other options are debugging options. The user should not routinely be able to select/enable/disable validators at all. This means that we have not done the right job.

Review comment on vulntotal/vulntotal-cli.py (outdated, resolved)
pombredanne (Member) commented

IMHO we should also find a way to report some JSON output.

TG1999 (Member) commented Sep 5, 2022

Add docstrings for all the functions, and also add doctests/unit tests for functions which have not been tested at all.

@keshav-space keshav-space moved this from In progress to Done in VulnTotal Sep 8, 2022
armijnhemel (Contributor) commented
| CVE-2020-28493 | VULNERABLECODE | CVE-2020-28493 | 2.10.1-3       | 1.11.3-r0     |
|                |                | GHSA-g3rq-g295 | 2.10.3-6       | 1.11.3-r0     |
|                |                | -4j3m          | 2.7.0-12       | 1.11.3-r0     |
|                |                |                | 2.7.18-3       | 1.11.3-r0     |

That looks like an odd result as I don't think that version 1.11.3-r0 actually exists. Maybe a bug in the VulnerableCode data? I would have expected to see 2.11.3-r0

TG1999 (Member) commented Sep 12, 2022

| CVE-2020-28493 | VULNERABLECODE | CVE-2020-28493 | 2.10.1-3       | 1.11.3-r0     |
|                |                | GHSA-g3rq-g295 | 2.10.3-6       | 1.11.3-r0     |
|                |                | -4j3m          | 2.7.0-12       | 1.11.3-r0     |
|                |                |                | 2.7.18-3       | 1.11.3-r0     |

That looks like an odd result as I don't think that version 1.11.3-r0 actually exists. Maybe a bug in the VulnerableCode data? I would have expected to see 2.11.3-r0

@armijnhemel it's not a bug in VulnerableCode; the version 1.11.3-r0 is not from the pypi ecosystem but from the alpine ecosystem: pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main. VulnTotal needs some sort of filtering to filter out the purls that are related to the ecosystem of the requested purl.

cc @keshav-space

armijnhemel (Contributor) commented
| CVE-2020-28493 | VULNERABLECODE | CVE-2020-28493 | 2.10.1-3       | 1.11.3-r0     |
|                |                | GHSA-g3rq-g295 | 2.10.3-6       | 1.11.3-r0     |
|                |                | -4j3m          | 2.7.0-12       | 1.11.3-r0     |
|                |                |                | 2.7.18-3       | 1.11.3-r0     |

That looks like an odd result as I don't think that version 1.11.3-r0 actually exists. Maybe a bug in the VulnerableCode data? I would have expected to see 2.11.3-r0

@armijnhemel it's not a bug in VulnerableCode; the version 1.11.3-r0 is not from the pypi ecosystem but from the alpine ecosystem: pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main. VulnTotal needs some sort of filtering to filter out the purls that are related to the ecosystem of the requested purl.

cc @keshav-space

I will open a different issue, as I have found what the bug is.

keshav-space (Member, Author) commented
@armijnhemel it's not a bug in VulnerableCode; the version 1.11.3-r0 is not from the pypi ecosystem but from the alpine ecosystem: pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main. VulnTotal needs some sort of filtering to filter out the purls that are related to the ecosystem of the requested purl.

cc @keshav-space

VulnTotal is making this request.

import requests

# Bulk PURL lookup against a local VulnerableCode instance
response = requests.post(
    "http://localhost:8001/api/packages/bulk_search/",
    json={"purls": ["pkg:pypi/jinja2@2.4.1"]},
)

The point here is that if I'm making an explicit request for pypi ecosystem, why should I be getting anything from the alpine?
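
The question above (why a bulk_search for a pypi PURL comes back with an Alpine package) is also one the client can guard against on its own side, whichever VulnerableCode branch serves the API: the PURL type (the pkg:TYPE/ prefix) of every returned record should equal the type of the requested PURL, and anything else is set aside and logged rather than merged into the table. Added example, not VulnTotal's or VulnerableCode's code; the response record shape (a list of dicts with a purl field) is an assumption, and only the PURLs come from the discussion above.

```python
"""Keep only the bulk_search records whose PURL type matches the query PURL.

Added example, not VulnTotal's or VulnerableCode's code. The record shape
below is an assumption; the PURLs come from the discussion above.
"""
import re

# purl-spec: "pkg:" scheme, any stray leading slashes, the type, then "/".
# The type is case-insensitive, so it is lower-cased before comparison.
PURL_TYPE_RE = re.compile(r"^pkg:/*([A-Za-z0-9.+-]+)/")


def purl_type(purl):
    """Return the type (ecosystem) component of a PURL, or None if the string
    is not a PURL. Returning None rather than a default type means a malformed
    record can never accidentally match the query."""
    m = PURL_TYPE_RE.match(purl.strip())
    return m.group(1).lower() if m else None


def filter_to_query_ecosystem(query_purl, records, key="purl"):
    """Split records into (kept, rejected): kept share the query PURL's type;
    rejected have another type, no PURL field, or a malformed one. Rejected
    records are returned rather than dropped so the caller can log them."""
    wanted = purl_type(query_purl)
    if wanted is None:
        raise ValueError(f"query is not a PURL: {query_purl!r}")
    kept, rejected = [], []
    for rec in records:
        if purl_type(rec.get(key, "")) == wanted:
            kept.append(rec)
        else:
            rejected.append(rec)
    return kept, rejected


# Constructed sample resembling a bulk_search reply: the requested pypi PURL,
# its fixed pypi release, the Alpine package that surfaced in the table above,
# and one malformed record with no purl field at all.
SAMPLE_RESPONSE = [
    {"purl": "pkg:pypi/jinja2@2.4.1", "vulnerabilities": ["CVE-2020-28493"]},
    {"purl": "pkg:pypi/jinja2@2.11.3", "vulnerabilities": []},
    {"purl": "pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main",
     "vulnerabilities": []},
    {"name": "constructed record without a purl field"},
]

if __name__ == "__main__":
    kept, rejected = filter_to_query_ecosystem("pkg:pypi/jinja2@2.4.1", SAMPLE_RESPONSE)
    print("kept:", [r["purl"] for r in kept])
    print("rejected:", [r.get("purl", "<no purl>") for r in rejected])
```

Matching on the type alone is deliberate: the same advisory legitimately covers several pypi PURLs (the vulnerable and the fixed release), so filtering on the full PURL would throw away the FIXED column the table needs.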

TG1999 (Member) commented Sep 12, 2022

@armijnhemel it's not a bug in VulnerableCode; the version 1.11.3-r0 is not from the pypi ecosystem but from the alpine ecosystem: pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main. VulnTotal needs some sort of filtering to filter out the purls that are related to the ecosystem of the requested purl.
cc @keshav-space

VulnTotal is making this request.

response = requests.post(
    "http://localhost:8001/api/packages/bulk_search/",
    json={"purls": ["pkg:pypi/jinja2@2.4.1"]},
)

The point here is that if I'm making an explicit request for pypi ecosystem, why should I be getting anything from the alpine?

@keshav-space which branch of VulnerableCode are you using in your local checkout? If you use the latest branch you will only get PURLs of the pypi ecosystem.

armijnhemel (Contributor) commented
| CVE-2020-28493 | VULNERABLECODE | CVE-2020-28493 | 2.10.1-3       | 1.11.3-r0     |
|                |                | GHSA-g3rq-g295 | 2.10.3-6       | 1.11.3-r0     |
|                |                | -4j3m          | 2.7.0-12       | 1.11.3-r0     |
|                |                |                | 2.7.18-3       | 1.11.3-r0     |

That looks like an odd result as I don't think that version 1.11.3-r0 actually exists. Maybe a bug in the VulnerableCode data? I would have expected to see 2.11.3-r0

@armijnhemel it's not a bug in VulnerableCode; the version 1.11.3-r0 is not from the pypi ecosystem but from the alpine ecosystem: pkg:alpine/py3-jinja2@1.11.3-r0?arch=aarch64&distroversion=edge&reponame=main. VulnTotal needs some sort of filtering to filter out the purls that are related to the ecosystem of the requested purl.
cc @keshav-space

I will open a different issue, as I have found what the bug is.

It seems that what I found is indeed a different issue than what is currently being discussed ;-)

I have opened a separate bug report in #915

keshav-space (Member, Author) commented
@keshav-space which branch of vulnerablecode are you using in your local checkout? if you use the latest branch you will only get purls of pypi ecosystem

Okay, let me try the latest branch.

Labels
VulnTotal Tool for cross-validating vulnerability

Successfully merging this pull request may close these issues:
support file output and group by CVE in VulnTotal CLI
Streamline CLI
4 participants