AppThreat's vulnerability database and package search library with a built-in file based storage. CVE and GitHub are the primary sources of vulnerabilities.
Project description
Introduction
This repo is a vulnerability database and package search for sources such as NVD, GitHub and so on. It uses a built-in file based storage to allow offline access.
Installation
pip install appthreat-vulnerability-db
Usage
This package is ideal as a library for managing vulnerabilities. This is used by dep-scan, a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.
Cache vulnerability data
vdb --cache
It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
- NVD_START_YEAR - Default: 2016. Supports upto 2002
- GITHUB_PAGE_COUNT - Default: 5. Supports upto 20
Periodic sync
To periodically sync the latest vulnerabilities and update the database cache.
vdb --sync
Basic search
It is possible to perform simple search using the cli.
vdb --search android:8.0
vdb --search google:android:8.0
vdb --search android:8.0,simplesamlphp:1.14.11
Syntax is package:version,package:version or vendor : package : version (Without space)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for appthreat-vulnerability-db-1.1.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1e1840ed42b5637341ebbb3c6ebc7bfcdae5e82fbbea84a89e22a9e2048fffb9 |
|
MD5 | d2a022c43ead857ba292b717683cdb56 |
|
BLAKE2b-256 | 82c3646b5a741ca4fffcb9ba7ea3c53d8536b7b41924cf61e89ed6b20c3e39fc |