feat: CVE query wildcard vendor entries #4730
Labels
enhancement
New feature or request
hackathon
Issues for folk participating in the Open Ecosystems hackathon
Milestone
Description
Hi cve-bin-tool team. We currently evaluate the integration of cve-bin-tool into EMBA. In EMBA we query the CVE data via grep queries. These include sometimes regular expressions for vendor entries. like
cpe:${CPE_VERSION}:[aoh]:.*${lVERSION_SEARCHx}" "${NVD_DIR}"
The simplest possibility to integrate csv-bin-tool I have found is via csv import like
python3 ./cve_bin_tool/cli.py -i ~/Downloads/test.csv --offline
In such a case we could prepare test.csv with some entries like
linux_kernel,linux,2.6.23
But in the mentioned use-case of
linux_kernel,,2.6.23
this approach fails. Is there already a mechanism to perform queries with wildcard vendors that I have missed? Probably we could enter some key-word as vendor to bypass the vendor search?Why?
cve-bin-tool is much faster in CVE queries as the current EMBA approach. Probably we could integrate it into EMBA as the main CVE query engine.
Environment context (optional)
Currently it is for evaluating a possible integration into EMBA. In the future it could be integrated as the central CVE engine for EMBA. EMBA is providing a Kali Linux based docker base image where we could integrate cve-bin-tool.
The text was updated successfully, but these errors were encountered: