A library for checking CVE vulnerabilities in software dependencies
CVE Checker Library
CVE Checker is a Python library for checking Common Vulnerabilities and Exposures (CVEs) in software dependencies. It provides tools to scan dependency files, check specific packages for vulnerabilities, assess risk, and generate comprehensive reports.
Features
- Fetch CVE data from the National Vulnerability Database (NVD)
- Scan dependency files (requirements.txt, package.json, etc.) for vulnerabilities
- Check specific packages and versions for known vulnerabilities
- Calculate risk scores based on CVSS scores and exploitability
- Generate detailed reports in JSON or HTML format
- Command-line interface for easy use
Installation
You can install the CVE Checker Library using pip:
pip install cve-checker
For the latest version, you can install directly from the GitHub repository:
pip install git+https://github.com/bassemAbidi/cve_checker.git
Usage
Command-line Interface
The CVE Checker Library provides a command-line interface for quick vulnerability checks.
To check a dependency file:
cve_checker --dependencies path/to/requirements.txt
To check a specific package:
cve_checker --package package_name --version package_version
Python API
You can also use the CVE Checker Library in your Python code:
import asyncio
from cve_checker import CVEChecker

async def main():
    checker = CVEChecker()
    # Check dependencies
    report = await checker.check_dependencies('path/to/requirements.txt')
    print(report)
    # Check specific package
    report = await checker.check_package('package_name', '1.0.0')
    print(report)

asyncio.run(main())
Components
The CVE Checker Library consists of several components:
- CVE Data Fetcher: Fetches CVE data from the NVD API.
- Vulnerability Checker: Checks specific software packages for known vulnerabilities.
- Dependency Scanner: Scans project dependencies for vulnerabilities.
- Risk Scorer: Calculates risk scores based on CVSS scores and exploitability.
- Report Generator: Generates comprehensive reports of detected vulnerabilities.
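An added example, not the library's own code: a minimal offline sketch of the scanner, checker and scorer flow that the components above describe. The advisory records, the requirements content, the function names and the risk formula are all constructed assumptions.

```python
import re

# Constructed advisories (not real CVE data): id, package, introduced,
# fixed (affected range is [introduced, fixed)), CVSS base score, exploited.
ADVISORIES = [
    ("EXAMPLE-0001", "examplelib", "1.0.0", "1.4.2", 7.5, True),
    ("EXAMPLE-0002", "examplelib", "2.0.0", "2.1.0", 5.3, False),
    ("EXAMPLE-0003", "other-lib", "0", "3.0", 9.8, False),
]
# Constructed requirements.txt content.
SAMPLE = '''ExampleLib[extra]==1.3.0 ; python_version >= "3.8"
Other_Lib==2.9.1   # pinned
thirdlib>=4.0
'''
# Exact numeric pins only; anything else cannot be matched to one version.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*"
                 r"(\d+(?:\.\d+)*)\s*(?:;.*)?$")

def normalize(name):
    # PEP 503: case-insensitive, runs of "-", "_", "." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version):
    # Numeric release ordering; trailing ".0" dropped so 3.0 == 3.0.0.
    return tuple(int(p) for p in re.sub(r"(\.0+)+$", "", version).split("."))

def parse_requirements(text):
    pinned, unchecked = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = PIN.match(line)
        if m:
            pinned[normalize(m.group(1))] = m.group(2)
        elif line:
            unchecked.append(line)  # ranges, URLs, -r includes: report them
    return pinned, unchecked

def risk(cvss, exploited):
    # Assumed formula: CVSS base score, +1.0 (capped at 10.0) if exploited.
    return min(10.0, cvss + (1.0 if exploited else 0.0))

def scan(text, advisories=ADVISORIES):
    pinned, unchecked = parse_requirements(text)
    hits = []
    for adv_id, package, introduced, fixed, cvss, exploited in advisories:
        version = pinned.get(normalize(package))
        if version and vkey(introduced) <= vkey(version) < vkey(fixed):
            hits.append((package, version, adv_id, risk(cvss, exploited)))
    return sorted(hits, key=lambda h: h[3], reverse=True), unchecked
```

`scan(SAMPLE)` returns the matched advisories ordered by risk together with the requirement lines that could not be checked, so an unpinned dependency shows up as unassessed rather than as clean.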
Contributing
Contributions to the CVE Checker Library are welcome! Please refer to the CONTRIBUTING.md file for guidelines on how to contribute.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Changelog
Version 0.1.1
- Updated documentation
- Minor bug fixes and improvements
Version 0.1.0
- Initial release
- Basic functionality for CVE checking and reporting
Contact
If you have any questions or feedback, please open an issue on the GitHub repository or contact the maintainer:
Bassem Abidi (abidi.bassem@me.com)
PyPI Package
The CVE Checker Library is available on PyPI: https://pypi.org/project/cve-checker/
File details
Details for the file cve_checker-0.1.1.tar.gz.
File metadata
- Download URL: cve_checker-0.1.1.tar.gz
- Upload date:
- Size: 13.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | d2d5248bb8c61aff06b1e7f271c3e9b7b4aef49121a36e04d571fa9a88a047e5
MD5 | f60fc11b9faa93f688ee4c44ddcdb196
BLAKE2b-256 | 132ad030c1b4bcd73346d142725475fa08b08479658714801b88a1a5dba13af9
File details
Details for the file cve_checker-0.1.1-py3-none-any.whl.
File metadata
- Download URL: cve_checker-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.12.3
File hashes
Algorithm | Hash digest
---|---
SHA256 | 321f2a6bc2219c8256bf523d0dc7a60a91a4c6aad55b6fa3d41ac276c25c53ba
MD5 | 5f4147d9ba934d8585e4100f33d4a293
BLAKE2b-256 | f2e6f68955cd85f7aab17d9ddf53cdf0ae4dac0e95d3b48c9fc9e1acfe910f83