Have you checked Zealience python script for GEC-1 (EN 18031)? #9
Replies: 1 comment 1 reply
-
|
The script is really helpful and greatly simplifies the data flow between Dependency-Track and EN 18031 documentation. In my slowly but steadily built vulnerability-management system, it makes handling large sets of data much more manageable. Based on my experience, I came up with a few improvements that make analyzing the output files even easier in practice:
I’m not entirely sure if I can share my modified version publicly due to licensing considerations. If Zealience is interested, I’d be happy to send it over for review — both to verify the legal side and to assess whether these enhancements are worth publishing. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Challenges of GEC-1
The GEC-1 requirement is a bit of an oddball in EN 18031. It asks manufacturers to document all their software and hardware components along with any associated vulnerabilities. This can lead to thousands of items to be documented!
Unfortunately, the existing vulnerability management tools just don’t make a cut because they do not support GEC-1 documentation specific needs. GEC-1 requires manufacturers to detail the paths through the Decision Trees, along with their results and justifications for each software and hardware component and vulnerability. No tools out there have the capability to handle this, which is exactly why we created this open-source script.
How does the script work? Our script ingests your SBOM and VDR (Vulnerability Disclosure Report). It parses the data contained in these files and automatically generates two CSV files:
Many IoT manufacturers have already utilized this script to successfully prepare their GEC-1 documentation. Some of them have gone to Notified Bodies and got their certifications.
Feel Free to Use the Script 😊
🚀The script is available here: https://github.com/zealience/en18031-vulnerability-documentation
📖Step-by-step guidance is available here: https://zealience.com/resource-hub/gec-1-everything-you-need-to-know
Beta Was this translation helpful? Give feedback.
All reactions