Each time bomber is run, the vulnerability database is downloaded. For multiple scans of SBOMs, this is not ideal and it would be good if the database download could be controlled particularly if the data has already been downloaded. Having a continually changing vulnerability baseline isn't ideal either.
Suggested enhancements:
1/ Cache the database download and only download a new copy if the data is older than X (default is 24 hours but could be a command line or configuration parameter)
2/ Add a command line to just use the existing data (regardless of how old it is).
3/ To allow the tool to operate in an offline (or air-gapped) environment, provide options to import and export a vulnerability database.
4/ If the data already exists elsewhere in the system (e.g. because it has been used by another tool), provide a filepath to the data to use.
anthonyharrison changed the title from "Vulnerabitliy Database management" to "Vulnerability Database management" on Sep 14, 2024
Hey Anthony! I’ll definitely dig into this. I like the idea of having bomber configurable to utilize offline data. Right now it is fully connected and doesn’t cache anything.